
Antiphishing: How to Avoid the Phishing Expeditions

©2005-2006 US Netizen


What is Phishing?

Phishing (pronounced fishing) is a technique used by unsavory individuals and companies to try and fool you into giving out important personal and financial information. Armed with publicly available information plus what you supply, they can forge documents, set up accounts, and steal your identity. The ultimate purpose is to separate you from your money.

Phishing is clearly on the rise, so it must be working. According to the Anti-Phishing Working Group, 75 million to 150 million phishing emails are sent every day, and the number of websites known to be involved grows by more than 10,000 new sites per month. That's way up from 1,000 per month last year.

What Phishing Looks Like

Phishing usually starts with an email that looks like it is from a legitimate source. It usually asks you to verify or update account information and provides a link to log in to a website. These emails can look legitimate, but the Sender field can be spoofed, as can the links. Usually there is a logo that was actually taken from the real site. Often there is some kind of urgency involved, such as a claim that your account will expire if you don't update your account information.

Most phishing messages are spoofed to be from a financial institution such as a bank or investment company. Remember, the ultimate goal is to separate you from your money and these are obvious ploys to get account information. These are the easiest to spot since financial institutions do not send out these types of emails.

Some phishing messages are aimed at getting personal information for the purpose of setting up new accounts. These can ask for an address or telephone update from a governmental agency, retailer, or other non-financial institution. Since these types of organizations actually do send legitimate requests for more information, these messages are much less obvious.

Visual manipulations can be used to trick the user into thinking a site or link is legitimate. Look for these deceptions:

  • Placing a lock or key icon on the web page to indicate a secure page. The lock icon should lie within the border of the browser, not on the web page.
  • Using an image of a link that looks like the site you want to visit. This link looks pretty normal, but everything about it is spoofed: http://www.yourbank.com It's an image, not HTML, and the status bar at the bottom of the page and the tool tip display fake information.

A new website, PhishTank.com, has loads of examples of phishing sites. Check a few out to see how real the sites look.

Once you reach the phishing website, it tends to be an exact replica of a sign-in page for a bank, PayPal, or eBay. The page itself looks good, but phishing sites are pretty easy to spot by looking at the address bar in your browser. Most sites aren't very sophisticated about spoofing a legitimate address. Often, the address sounds similar to the real site, like mybankonline.com rather than mybank.com. They also put the real name in front of a different domain as a subdomain, to look like mybank.xyxabc.com. All you have to do is look and most can be spotted.
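
The address-bar check described above, written out as an added example (not part of the original article): it compares a link's host with the domain you expect and flags the two tricks mentioned, a longer lookalike name and the real name used as a subdomain of another domain. The function names and the two-label shortcut for finding the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample links; mybank.com stands in for the site you expect.
SAMPLES = [
    "https://www.mybank.com/login",
    "http://mybankonline.com/signin",
    "http://mybank.xyxabc.com/update",
    "https://notmybank.com/",
]

def registrable(host):
    # Assumption: the registrable domain is the last two labels, which holds
    # for .com-style names; a real tool would consult the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def check_link(url, trusted="mybank.com"):
    """Return (verdict, uses_https) for a link, judged against `trusted`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    brand = trusted.split(".")[0]
    # The leading dot matters: "notmybank.com" ends with "mybank.com"
    # but is a different domain, so only ".mybank.com" counts as a match.
    if host == trusted or host.endswith("." + trusted):
        verdict = "match"
    elif brand in host.split(".")[:-2]:
        # Real name appears as a subdomain label of someone else's domain.
        verdict = "brand-as-subdomain"
    elif brand in registrable(host).split(".")[0]:
        # Real name is embedded in a longer, different domain name.
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return verdict, parts.scheme == "https"

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, check_link(link))
```

Only the "match" verdict together with https corresponds to what the address bar should show on a real login page; the verdict looks at the host alone, because everything after the first slash is chosen by whoever runs the site.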

How to Avoid Phishing Scams

Never click on the links in email messages. It can be extremely difficult to identify which are legitimate and which are spoofed. Go directly to the website of your financial institution and log in as usual. If there is a need to update some information, you will be informed when you log in.

Always be skeptical. Most legitimate companies do not send requests to update your information. Those that make these requests are finding that most people are suspicious and ignore the request.

Look at the address bar in your browser. The fake URLs are usually easy to spot.

Look for the lock indicating a secure page. All login pages should be on a secure web page that has a URL starting with https://. A secure page will have a lock that shows up at the bottom of the browser. Make sure the URL of the lock icon matches the URL in the address bar.

An example of a legitimate need to contact you is a credit card company that detects unusually high activity on your account. In this case they will attempt to call you on the telephone. They will not send an email. They also already know your account numbers, so they will not ask you to confirm them.

General guidelines for protecting yourself against phishing scams:
  • Do not give out personal or financial information through an email request.
  • Always log on to your sensitive accounts by opening a new browser and typing the actual URL directly into the address bar. For example, if you receive a suspected phishing email from e-trade, open a new browser and type www.etrade.com in the address bar.
  • Do not click on any link in a suspected phishing email.
  • Only use a secure website to submit sensitive data. A secure site's address will begin with "https://" instead of "http://" and will show a lock or key icon at the bottom of the browser.

Antiphishing Toolbar

Internet Explorer version 7 contains a built-in antiphishing filter, and it's even turned on by default. The filter automatically checks the sites you visit against a blacklist maintained by Microsoft. If it's a suspected phishing site, you get a warning. Not every site you visit is checked; IE uses heuristics to determine if a site is potentially a phishing site, then checks it against a list.

Paranoid about sending information about your surfing habits to Microsoft? Turn it off. But we recommend leaving it on. The potential safety outweighs the potential privacy problems.

Normally, we dislike toolbars as they often benefit the provider more than the user, but this one is different. The antiphishing toolbar from Netcraft gives a risk rating for the websites you visit, warning you of suspicious sites. They maintain a list of known phishing sites and the toolbar will warn you if the site is not legitimate. Of course, new phishing sites pop up all the time, so the toolbar also reports the country where the website is hosted. If you are visiting Procter and Gamble, but the toolbar reports South Korea, chances are the site is not legitimate.

Download the Netcraft antiphishing toolbar.

Microsoft has an antiphishing add-on to their search toolbar. The toolbar compares the sites you visit to a database of known phishing sites that is "updated several times per hour." When you visit a site that is on their list, you are provided with a warning. A red warning, "This website was blocked for your safety," appears when the site is a known phishing site, and you are blocked from sharing personal information with it.

If you visit a site that has characteristics similar to a phishing site, but it isn't on the list of known sites, you get a yellow warning. You are given the option to proceed and use the site, but an obvious warning "Caution: This website contains suspicious content." appears below the toolbar.

Download the Microsoft antiphishing toolbar (requires the MSN search toolbar)

Google has introduced Google Safe Browsing as an extension to Firefox. This toolbar detects whether a website is a known phishing site, similar to the Netcraft and Microsoft toolbars. The problem is that sensitive data can be sent to Google unencrypted.

For example, you visit a secure (https:) website and enter a username and password or your credit card number. The request is sent to the website encrypted and your data can only be read by that website. With the toolbar installed and active, the same information is also sent to Google, but it is unencrypted. If a hacker is capturing Internet packets, your username and password or credit card number are easily read along with the website where they are valid.

For this reason, we do not recommend the Google Safe Browsing extension.

Antiphishing Browser Addons

PhishGuard Antiphishing System - A browser addon that blocks phishing sites. If you click on a link in an e-mail, your browser loads as usual to follow the link. Before you can visit the site in the link, PhishGuard analyzes the link by comparing the site to a list of known phishing sites. If it's a bad site, you get a popup telling you that the site is a known phishing site and you are prevented from loading the page. Try it. It's free. Download PhishGuard

Site Advisor - A browser addon that provides a color-coded evaluation of the "spammyness" of a site. They test sites to see if they generate a lot of spam or link to sites that generate a lot of spam. The best part of this system is that the color coding shows up in the search results in Google, Yahoo, and MSN, so you know if a site is spammy before you visit. Download Site Advisor.

Site Advisor was purchased by McAfee. It's still free - for now.

More methods of identifying phishing.

Reporting Phishing Scams

Reporting phishing is akin to reporting spam - 10 more are created if one is eliminated. If you want to report a particularly sneaky scam, visit the site of the Anti-Phishing Working Group and follow the instructions.

Further Reading

PayPal Combats Phishing

PC World February 2007

OnGuard Online

Federal Trade Commission

The Register Article

New Twist - Vishing

Similar to phishing, vishing uses phony VOIP phone numbers.

A New Threat - Pharming

Read about this very recent security threat: Pharming

© 2004-2008 USNetizen, P.O. Box 1452, Helena, MT, 59624