Friday, March 11, 2005

The state of the art in phishing scams 

Scammers who impersonate banks to trick you into giving them your banking password have some new tricks.

They've found a way to show you a link that starts with the real name of the bank they're impersonating. The link goes to the scammers' machine. It gets worse from there. They show you a copy of the real bank's web page and use a popup window to do their password stealing.

You won't see anything obviously wrong in your browser.

The single best defense is to ignore email that claims to be from your bank asking you to log in. Real banks know better than to send things like that, or at least they should. Stay out of the technological arms race and use the same common sense you would if it were a phone call instead of email. You'd hang up on anyone who called and said they were from your bank and could they please have your credit card number and expiration date. Do the same for email.

The second best is to install software that tries to tell you whether links are legitimate. Spoofstick is a well-regarded Firefox extension that tries to warn you if someone's sending you to a fake web site. If you were still running Internet Explorer, I think there's a version that works with it too. I don't like this approach even though it usually works. The problem is that next week the scammers will think up a way to fool Spoofstick. Your best bet is to avoid the whole problem by not trusting a link you get in email.

Here are technical details for your technically oriented friends.
