Online-Safety Resources for Home & School

Help in foiling phishers (from the 12/17/04 issue of Net Family News)

Have you gotten an email from PayPal, eBay, Citibank, or even your own bank lately? Did it say something unnerving about a certain amount having been removed from your account, or you can't use your account until you update it - "click here to update"? Chances are, it's a phishing scam.

The number of phishing emails that have been intercepted by MessageLabs (a large email security company serving businesses) increased 10-fold this past year - from 337,000 in January to 4.5 million last month, reported ZDNET UK.

Which means a growing number have been arriving in our families' PC in-box(es). The new news on this affects families even more: Now we and our Web-researcher kids can stumble on phishing sites just by using Google and other search engines, CNET reports. Phishers are "setting up legitimate looking e-commerce sites that disguise links to malicious software as pictures of goods on sale." You might see an instruction like, "Click here to download a picture" of the product, cartoon character, person, etc., and you'd be downloading malicious software that might log keystrokes (when typing in a password or credit card or social security number) or take control of your computer.

Fortunately, anti-phishing software products are emerging. I recently interviewed Jeffrey Hellman, president of the company that makes a simple anti-phishing toolbar called FraudEliminator that's free. [Please note: We spotlight online-safety options for readers when they're timely but do not have the resources to test software properly.]

One of the things I like most about this one is that, as Jeff put it, FraudEliminator's designer "set out to design a product that would keep his grandmother safe." Using it is not rocket science, it's perfect for the not-so-tech-literate or anybody who worries about online privacy or (like of all us) is tempted to click when email says someone's been accessing their bank account and they need to verify their ID!

If you do click to "PayPal" or whatever, a big warning box pops up and tells you it's actually a suspicious site based in Korea or Vanuatu (you choose whether or not to continue on to that site). The warning can be annoying, too, but the pluses might outpace the minuses when young Web researchers start clicking on faux "images" and downloading malicious software in sites they found in a search engine.

The toolbar on your PC "talks" to the FraudEliminator server, which updates its black list of scam sites every 15 minutes. How it "knows" a site's fraudulent and updates the black list is pretty interesting, but I won't bore you with too much detail. First, it uses artificial intelligence, the company says, to "recognize" key words and phrases that suggest fraud. It can also tell if the site you're clicking to is a real domain name (like or an IP address (a bunch of numbers); phishers' sites' addresses are more likely to be numbers only (an IP address is cheaper and quicker to be put up and abandoned). When a suspicious site is detected, a report goes from your PC to FraudEliminator headquarters. FE also has various "honeypot" email addresses scattered around the world, attracting spam and phishing emails, Jeff Hellman said. "In these honeypot accounts, we regularly receive up to dozens of phishing scams on a daily basis. These are reviewed and blacklisted" for the next update on users' PCs. FraudEliminator is not the only anti-phishing tool (see the links below for others) and it's probably not for the truly tech-savvy, but it's available, free, and easy to use - not much downside for families of varying age levels and degrees of tech expertise.

Further phishing news

HOME | newsletter | subscribe | links | supporters | about | feedback

Copyright 2004 Net Family News, Inc. | Our Privacy Policy