Monday, April 07, 2008
How a street-smart user handles a suspicious situation
I needed some information from my bank about an outstanding loan, clicked the relevant link, and wound up at a page telling me I needed to re-establish my online account.
This made me wonder "where am I"? I checked my anti-phishing Firefox extension and found that I was on a site I'd never been to before.
At this point, two of my suspicion flags had been triggered. First, someone was asking for credentials after I'd already logged in, second, I wasn't on my bank's web site any more.
I was at.loanadministration.com. I wondered whether that was legitimate. Some phishing sites have had names like that.
Phishing sites pop up and disappear in a matter of days, so I figured I'd check whether it had been around for a while. There are several ways to check that, but I simply Googled it and found plenty of references, including one that included a company name I recognized as my bank's outsourced loan processor.
So it was all right after all, but if you ever see a situation like that one you should check it out before you type sensitive information.
|
This made me wonder "where am I"? I checked my anti-phishing Firefox extension and found that I was on a site I'd never been to before.
At this point, two of my suspicion flags had been triggered. First, someone was asking for credentials after I'd already logged in, second, I wasn't on my bank's web site any more.
I was at
Phishing sites pop up and disappear in a matter of days, so I figured I'd check whether it had been around for a while. There are several ways to check that, but I simply Googled it and found plenty of references, including one that included a company name I recognized as my bank's outsourced loan processor.
So it was all right after all, but if you ever see a situation like that one you should check it out before you type sensitive information.
# posted by Frederick @ 9:42 PM Email to a friend:
Haloscan: they provide trackback