


MAY 24, 2004
NEWS ANALYSIS
By Amey Stone

How to Avoid the "Phish" Hook
Don't get reeled into handing over your personal info at fake versions of legit sites. Here are some easy ways to protect yourself


"Urgent notice from eBay," read the subject heading of an e-mail I received recently. It alerted me that I had "unpaid activities" on the eBay (EBAY) site, possibly because my billing information was out of date. "Failure to update will result in cancellation of service," it warned. To resolve this problem, I should go to the Web address included in the e-mail right away, log in, and update my credit-card information.


I'd been phished! Just as I suspected, the link took me to a phony Web site, which looked exactly like an eBay site and prompted me to divulge my user name and password. I resisted the temptation, but not all Net users would have known what to do in that situation.

"Phishing" is Web lingo for the practice of cyber scammers sending out millions of e-mails hoping to reel in a small percentage of Internet users who will supply them with valuable personal information. Typically, the e-mail preys on individuals' fears that they have a problem with an online account. It links them to a fictitious (or "spoof") site, where they're urged to supply a password, Social Security number, or credit-card account number.

GETTING SLICKER.  In the eBay-related phishing attack I encountered, the online scammer was likely hoping to hook the password of a reputable eBay dealer and then fraudulently list items on the account -- with the intent of collecting cash without having to fill an order, says Rob Chesnut, deputy general counsel at eBay. For other scammers, the goal may be credit-card fraud or wholesale identity theft.

As phishing has exploded in frequency and sophistication, nearly every major financial-services company or online retailer has been targeted, according to security experts. Research firm Gartner, which estimates that as many as 57 million Americans have received this kind of fraudulent e-mail, puts the cost to banks, credit-card companies, and online shopping sites last year at $1.2 billion. In a survey released May 6, Gartner found that as many as 3% of online users (an estimated 1.78 million adults) had responded to phishing attacks by divulging personal information in the past year.

"Attacks are getting much cleverer," says Phil Libin, president of software maker CoreStreet, which on May 3 released a free program called SpoofStick that helps users recognize spoof sites. Where the phishing e-mails were once almost always unprofessionally worded and the spoofed sites clearly fake, now "it's pretty hard to tell," he says.

As good as phishing attacks are getting, you can take some relatively easy steps to evade them, and some new technologies are available to help. Here are six ways to avoid getting hooked:

1. Be suspicious of requests for personal information.
Financial-services companies and online retailers will e-mail you ad nauseam about special offers and promotions. But these days, they're unlikely to ask you for personal information in an e-mail. Says eBay's Chesnut: "We've altered our practices and are far less willing to e-mail someone regarding their account or finances."

That's not always the case, but if you're suspicious of an e-mail, look closely at the wording and you may soon realize it's a scam. My review of the phishing e-mails I have received in recent weeks shows that even though they're generally more professional looking, most contain typos, misspellings, or ungrammatical constructions.

For example, one recent phishing e-mail warned, "If the account information is not updated to current information within 5 days then, your access to bid or buy on eBay will be restricted." Note the awkward wording as well as the comma in the wrong place -- mistakes you can bet eBay's crackerjack communications team wouldn't make.

2. Don't click the link.
This is the simplest advice, if in some ways the least satisfying, for avoiding phishing attacks. If an e-mail gets you worried about the status of your eBay account, for example, just type the URL of eBay's homepage in your browser and log in that way. If a problem with your account really exists, customer service will likely contact you right away via a pop-up window, says Chesnut.

A variant of this rule: "Never give your personal information unless you have initiated contact with the merchant," says Neal Creighton, president and CEO of security firm GeoTrust. It's a good rule of thumb in any online transaction.
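The check behind tip 2 can also be automated on the receiving side. The following Python code is an added example, not part of the original article: it lists the links in an HTML e-mail body whose real destination is not the site the message claims to come from. The sample body, the `.example` host, the documentation IP address, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re
# Constructed sample body, modelled on the "Urgent notice" e-mail described above.
SAMPLE_BODY = """
<p><a href="http://signin.ebay.com.account-update.example/login">http://signin.ebay.com/</a></p>
<p><a href="http://www.ebay.com@198.51.100.7/update">Update billing information</a></p>
<p><a href="http://pages.ebay.com/help/">eBay Help</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)  # visible text of the current link
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Host the browser really contacts; anything before '@' is only userinfo."""
    return (urlsplit(url).hostname or "").lower()

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)

def audit_links(html_body, expected_domain):
    """Return (href, real host, reason) for links that leave expected_domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if belongs_to(host, expected_domain):
            continue
        reason = "host is not the expected domain"
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())
        if shown and belongs_to(shown.group(0), expected_domain):
            reason = "link text shows the real site, target is elsewhere"
        elif expected_domain in href.lower():
            reason = "brand name appears in the URL, but not as the host"
        findings.append((href, host, reason))
    return findings
```

Calling `audit_links(SAMPLE_BODY, "ebay.com")` reports the first two links and passes over the third, whose host really is under ebay.com.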

(Continued on next page)



McGraw-Hill Cos.