


MAY 24, 2004
NEWS ANALYSIS
By Amey Stone

How to Avoid the "Phish" Hook
[Page 2 of 2]


3. Try some of the new Web tools that unmask fake sites.
CoreStreet's SpoofStick works as an extension to Internet Explorer or Mozilla Firefox browsers. It alerted me instantly that I wasn't really on eBay -- I was on "www.com.1.vg.com" -- when I linked from the phishing e-mail I described.


"It's not like your browser is being fooled," says Libin. "It just won't tell you where you are." (That's mainly because Web-site addresses can be so long and confusing.) SpoofStick may still not be foolproof if a spoof site is a "close cousin" domain name that sounds legit, like "eBaysecure," for example, says Jonathan Penn, an analyst specializing in messaging security at Forrester Research. Still, I've found it to be a handy tool for unmasking fakes.

eBay and Internet service provider Earthlink (ELNK) recently added a similar feature to their toolbars. Best of all, these two outfits are sharing their lists of confirmed spoof sites, making the roundup much more robust. There's even a button to report a spoof site, which means frauds will get uncovered quicker. "You'll see more companies working together like this to share lists," says Chesnut.
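
The kind of check a tool like SpoofStick makes, and the "close cousin" gap Penn describes, can be sketched in a few lines. This is an added example, not CoreStreet's code: the function names, the trusted list, and the shortcut of treating the last two labels as the registered domain are assumptions (production tools consult the Public Suffix List), and the eBaysecure address is constructed.

```javascript
// Added example; all names here are hypothetical, not from any toolbar's code.
// Registered domains the user trusts, mapped to the brand word a fake might borrow.
const TRUSTED = new Map([
  ["ebay.com", "ebay"],
  ["earthlink.net", "earthlink"],
]);

// Assumption: the registered domain is the last two labels of the host name.
// That is wrong for suffixes such as co.uk; real tools use the Public Suffix List.
function registrableDomain(host) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return host; // bare IPv4 address
  return host.split(".").slice(-2).join(".");
}

// Report where a link really leads, whatever the e-mail or page claims.
function whereAmI(link) {
  let host;
  try {
    host = new URL(link).hostname.toLowerCase().replace(/\.$/, "");
  } catch (err) {
    return { host: null, site: null, verdict: "unparseable" };
  }
  const site = registrableDomain(host);
  if (TRUSTED.has(site)) return { host, site, verdict: "trusted" };
  // A trusted brand word inside an untrusted host is the "close cousin" case.
  const brand = [...TRUSTED.values()].find((b) => host.includes(b));
  return { host, site, verdict: brand ? "lookalike" : "unknown", brand };
}

// Constructed sample links: the host from the e-mail described above,
// a genuine eBay subdomain, and a close-cousin name.
const SAMPLES = [
  "http://www.com.1.vg.com/",
  "https://signin.ebay.com/",
  "http://ebaysecure.example/login",
];
for (const link of SAMPLES) {
  const r = whereAmI(link);
  console.log(`${link} -> you are on ${r.site} (${r.verdict})`);
}
```

The first link resolves to vg.com and is reported as unknown rather than trusted; only the third is flagged as a lookalike, and a close cousin that avoids the brand word entirely would pass as merely unknown.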

4. Contact your credit-card company, bank, or the Web site immediately, if you suspect you've been hooked in a phishing attack.
One reason phishing succeeds so often is that it plays on people's fears, inciting them to act before they think. (That's also why security experts believe it's not enough just to educate consumers to be wary of these scams -- they have to stop the bogus messages before they reach the in-box.)

If you realize you've entered your personal information on a fraudulent site, get on the phone with your credit-card or bank customer service right away, and you may avoid any damage. A lot of personal data collected via phishing is sold on the black market and not used right away. One tip security experts recommend: Always use the same credit card online, so you can check on your account easily.

5. Lobby your ISP to do something about the problem.
Internet users shouldn't have to be constantly on their guard to avoid scams, say security experts. Much of the pain Internet companies are experiencing due to scams like phishing and spoofing is ultimately their fault for failing to present a consistent image (using lots of different domain names, for example) and making it too easy for scammers to pretend they're someone else. "They haven't been consistent in their online persona," says Penn. "They've spent years ingraining bad practices" in users and "training people to just do whatever," he says. "You can't untrain them."

ISPs should adopt technologies to eradicate this problem. For example, mail programs could validate that e-mail really comes from a server associated with the same Internet-protocol (IP) address. Likewise, companies could adopt better antispam tools that distinguish legitimate (or certified) mass e-mailers from phishers. "You should be able to get an e-mail, and if it says it's from eBay, know it's from eBay," says Libin. As the technology improves and is more widely adopted, someday soon you'll be able to know that.

6. Warn family and friends who may be new to the Internet and susceptible to scams.
For now, spreading the word about phishing and spoofing is the best defense. "Sophisticated users need to think of anyone they know who wouldn't be aware" of the potential for fraud, says Libin. "Sit down with them and explain what to do."

If phishing and spoofing continue to succeed so often, they'll contribute to a general sense among the public that doing business online makes one vulnerable to fraud, warn security experts. Online companies need to do more, "or it will absolutely start eroding trust," says Creighton.

As phishing attacks become more skillful, consumers have to be vigilant as well. A little thought before acting on a threatening e-mail can go a long way. "People should keep this in perspective," says Libin. "It doesn't have to be that damaging if you don't let it be."




Stone is senior writer for BusinessWeek Online in New York
Edited by Beth Belton
