This article is part of the series on undesired email (spam, phishing, viruses, etc.). The material covers the Poisons and the Remedies.
By Stas Bekman.
Published: May 15th 2006
Phishing is a relatively new phenomenon. It's really the same as social engineering, but rather than working on one victim at a time, email allows the attacker to fool thousands of people at once. A typical phishing email contains a message which looks very similar to the usual email you get from your bank, in which they somehow try to make you give them your bank credentials. There are many variations, but the typical one is where they suggest that your account was hacked and they need your login/password to fix it. Once you naively give them your credentials (of course you are worried about your bank), they go and take your money. They don't need to rob your bank; they just impersonate you and take your money.
The main solution in this case is making people aware of this threat. However, there are many computer-illiterate people out there, especially older people who didn't grow up with computers, and they are usually the victims. So do your parents and grandparents a favour and explain the threat to them.
If you don't do any online banking or shopping, you can safely delete all those emails. However, if you do, you need to be careful about any emails that seem to be coming from your bank. One way to overcome the problem is to never click on anything in your email, but to always go to your browser and type your bank's URL yourself. (This is unrelated to phishing, but even that might be unsafe, since there is another attack called DNS poisoning, where instead of being sent to your bank's real site you are redirected to a different site which looks like your bank's. If you fall victim to this attack, which you can quickly detect since you won't see your normal account information, contact the bank immediately and disable your account before they take your money out.)
Another approach (which requires a bit of technical knowledge) is to look at the HTML source of the email (if you read it as HTML) and check that the links indeed point to your bank and not to some rogue address. A phishing email will usually include a link which will look like: My bank. When you look at the HTML source, that rogue link will show as <a href="http://phishers.domain.or.ip/login">My bank</a> and not <a href="http://your.real.bank's.ip/login">My bank</a>.
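As an added example (not from the original article), the check below automates that HTML-source inspection in Python: it walks every <a> in an email body and reports links whose host is not your bank's real domain, treating a link to a bare IP address as untrusted as well. The bank domain "bank.example" and the sample email body are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted_host(host, trusted_domain):
    """True only for the bank's own domain or a subdomain of it.
    A bare IP address is never trusted: a real bank links to a name."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return host == trusted_domain or host.endswith("." + trusted_domain)

def suspicious_links(html_body, trusted_domain):
    """Return (href, visible text) for every link whose host is not trusted;
    the text is kept so the mismatch ('My bank' -> rogue host) is visible."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(href, text) for href, text in parser.links
            if not is_trusted_host((urlsplit(href).hostname or "").lower(),
                                   trusted_domain)]

# Constructed sample body: the "My bank" link points at a rogue host.
SAMPLE = """<p>Your account was hacked, please log in to fix it.</p>
<a href="http://phishers.example/login">My bank</a>
<a href="https://www.bank.example/help">Help</a>"""
if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE, "bank.example"):
        print(f"SUSPICIOUS: '{text}' -> {href}")
```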
Here the stakes are much higher, so even if sending each email were to incur a small monetary cost, phishing would probably continue anyway.
Phishers get smarter all the time and improve their social engineering skills. They also collect more and more personal information, making it really hard to tell whether an email you've received is legitimate or not.
Read about the Remedies to learn how to deal with the problem.
And here are some pointers for additional information on the subject:
The Anti-Phishing Working Group: http://www.antiphishing.org/
Hooked On Phishing: http://www.forbes.com/2005/04/29/cz_0429oxan_identitytheft_print.html
Reading Email Headers: http://www.stopspam.org/email/headers.html
MillerSmiles.co.uk: http://www.millersmiles.co.uk/
What Is Phishing: http://www.oreillynet.com/lpt/a/6274
And here you can find books that will provide in-depth coverage of phishing and related material:
Continue reading about other email-related Poisons or jump into the Remedies section.