Monday, April 07, 2008

How a street-smart user handles a suspicious situation 

I needed some information from my bank about an outstanding loan, clicked the relevant link, and wound up at a page telling me I needed to re-establish my online account.

This made me wonder "where am I"? I checked my anti-phishing Firefox extension and found that I was on a site I'd never been to before.

At this point, two of my suspicion flags had been triggered. First, someone was asking for credentials after I'd already logged in, second, I wasn't on my bank's web site any more.

I was at .loanadministration.com. I wondered whether that was legitimate. Some phishing sites have had names like that.

Phishing sites pop up and disappear in a matter of days, so I figured I'd check whether it had been around for a while. There are several ways to check that, but I simply Googled it and found plenty of references, including one that included a company name I recognized as my bank's outsourced loan processor.

So it was all right after all, but if you ever see a situation like that one you should check it out before you type sensitive information.

|

This page is powered by Blogger. Isn't yours?