How to deal with Phishing
Mar 3rd, 2008 by ravishan
Phishing refers to the technique used by criminal elements to “fish” for personal information by sending e-mails that pretend to be official.
Wikipedia describes it as “In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.”
I am sure that many of you have received official-looking emails from eBay, PayPal or your online bank, and some may have either inadvertently clicked on a link in the email or responded to it. This posting was prompted by the most recent phishing attempt - an email from support@wesleyan.edu sent to some of the Wesleyan users on Feb 26, 2008 asking them to respond with their password. As soon as we found out about this, we took the necessary actions, such as blocking further emails from the computer that was sending these messages and informing our users not to respond to it.
There are excellent resources that provide advice on how to avoid phishing attacks and we provide links to a few of them below. Please take a few minutes to read them.
- How to Avoid Phishing Scams from the Anti Phishing Working Group
- Anti-Phishing Phil From CMU
- Recognizing phishing scams and fraudulent e-mails
If you receive any email that requests personal information such as your password, credit card number or bank account number, treat it with suspicion and DO NOT RESPOND TO IT IMMEDIATELY. Please note that ITS and most financial institutions will never request that personal information be sent over email. Consult your financial institution or ITS about the legitimacy of such an email - almost always, the answer is going to be “delete it”.
Basically, all of the resources listed above advise you to:
- Be suspicious of any email that asks for your personal information.
- Avoid clicking on links in these emails (instead, open a web browser and navigate to your financial institution’s website directly). Some of these links can do such lasting damage to your system that you may have to reinstall the operating system from scratch.
- Always make sure that any website where you provide personal information shows a security lock.
So, how are the hackers able to do this?
- The first step is for them to collect millions of email addresses. Unfortunately, this is fairly easy to do, and there are many e-mail address harvesting programs out there that do the job.
- Then they simply steal the graphics and text styles used by the institution that they are trying to fake, so that the email looks legitimate.
- The final step is to make the emails look as if they are coming from a legitimate email address. You might wonder how someone not associated with Wesleyan can send an e-mail that appears to come from a valid Wesleyan email address. The answer is that this is fairly easy to do, though in recent years technology has been making it harder.

This is a timely blog, as today I received an email designed to look like it came from the credit union. I immediately called them to make sure that I was correct in my feeling that it was not from them and it wasn’t.
Some students have been getting phishing attempt e-mails targeted at them from the Department of State Credit Union, spoofed to look as if it were from the actual address.
One thing to pay attention to is the link of the credit union email connects to a server.
I received another one pretending to be from the state department.
“http://61.221.40.44/icons/small/www.sdfcu.org/login/index.htm”
DO NOT CLICK THIS IS A PHISHING URL, I’m using this as an example
It pretends to be a top level domain .org, but really it’s just a folder in the server named as the url.
It’s interesting how many Wesleyan students are receiving these of late.
I recently started sending emails to myself regularly. Soon after I started doing this, I started receiving phishing attempts and spam from “myself”! At first I wondered whether or not my account had been hijacked, but after reading this article, the most likely explanation seems to be that the emails were not actually sent from my address.
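The link pattern pointed out in a comment above (a raw IP address as the host, with the institution's domain name appearing only as a folder in the path) can be checked mechanically before a link is trusted. The following Python sketch is an added example, not part of the original post or its comments; the function names are hypothetical and the sample URLs are constructed, using a documentation IP address and a `.example` domain.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A path segment that itself looks like a host name, e.g. "www.bank.example".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
# Extensions that make an ordinary file name look like "name.tld".
FILE_EXT = {"htm", "html", "php", "asp", "aspx", "jsp", "js", "css",
            "png", "gif", "jpg", "jpeg", "ico", "pdf", "txt", "xml"}

# Constructed samples: same shape as the reported link, not real addresses.
SUSPECT = "http://192.0.2.44/icons/small/www.creditunion.example/login/index.htm"
LEGIT = "https://www.creditunion.example/login/index.htm"


def host_is_ip(host):
    """True when the URL host is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def hostlike_segments(path):
    """Path segments shaped like a domain name (plain file names excluded)."""
    found = []
    for seg in path.split("/"):
        if HOSTLIKE.match(seg) and seg.rsplit(".", 1)[1].lower() not in FILE_EXT:
            found.append(seg.lower())
    return found


def check_link(url):
    """Return the reasons a link deserves suspicion (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if host_is_ip(host):
        reasons.append("host is a raw IP address")
    for seg in hostlike_segments(parts.path):
        if seg != host:
            reasons.append(f"domain name '{seg}' appears only as a folder in the path")
    if parts.scheme != "https":
        reasons.append("link is not HTTPS, so the browser shows no security lock")
    return reasons


if __name__ == "__main__":
    for link in (SUSPECT, LEGIT):
        print(link, "->", check_link(link) or "no findings")
```

An empty result only means none of these three checks fired; it does not prove a link is legitimate.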