September 4, 2008

Careful! Phishing season is open

By winecountrydog

It's a weird day when a dog's gotta worry about cyber-crime. A doggone weird day.

But it's impawtant to know about info security and be on the lookout fur cyber-mean humans taking advantage of everybuddy during a time when we're all looking at news about the hurricanes.

Actually, any time there's a disaster or other big media event, the cyber-meanies can't seem to resist creating phony websites with domain names that sound just like the real thing.

We need to research the website owners to see if they're legitimate charities. Otherwise, we could be giving our contact info and our donations to some Animal Hater Co. instead of an impawtant animal welfare organization like the Louisiana SPCA.

Come Stay Heal at Louisiana SPCA
Two paws up fur Stefanie Hoffman at The Channel Wire Blog fur bringing up phishing and other cyber-dangers in her piece "Phishers Exploit Hurricane Gustav, Hurricane Hanna."

We already know about spamming. Phishing is something we dogs need to be careful about, too.

Here's what ChannelWeb Encyclopedia tells us.
Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, bank or retail establishment. E-mails can be sent to people on selected lists or on any list, expecting that some percentage of recipients will actually have an account with the real organization.

E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme.

Anyone Can Phish
A "phishing kit" is a set of software tools that help the novice phisher imitate a target Web site and make mass mailings. It may even include lists of e-mail addresses. How thoughtful of people to create these kits. In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at (See pharming, vishing, and smishing.)

The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
You can read Ms. Hoffman's phishing blog here.

You can visit ChannelWeb Encyclopedia to learn more definitions of information security issues and other computing and Web topics!

Photo credit: Jackson Hill Photography

No comments: