I have read several accounts where people have been "hacked" in games and in real life. A lot of these hacks have actually been successful phishing expeditions.
While this may seem common sense to most computer-savvy people, I would be amazed if this has never occurred to some reading this forum. That said, I made this general write-up that may save someone a lot of pain and suffering.
In order to protect yourself from phishing you first need to know what it is and why the bad guys do it. The Webopedia defines phishing as:
“(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.”
(Underlined areas can be CTRL+ Clicked for further information courtesy of Internet.com)
Put simply, phishing is the act of sending you an e-mail trying to get your information so that the bad guys can access your money. Make no mistake: this is a very real, and very potent, threat to your livelihood.
In most cases the bad guys are after your money. (Isn’t everyone?) But in some cases they can take much more. Sound scary? Think on this: conceivably a “phisher” can take everything you have, including your name!
Here is an example of a phishing attempt for money:
From: "[email protected]" <[email protected]>
Subject: Notification of Limited Account Access
Date: Wed, 14 Jun 2006 09:22:57 -0400
Dear valued PayPal® member,
It has come to our attention that your PayPal® account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.
However, failure to update your records will result in account suspension.
Please update your records on or before June - 15 - 2006.
Once you have updated your account records, your PayPal® session will not be
interrupted and will continue as normal.
To update your PayPal® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Thank You.
PayPal® UPDATE TEAM
Accounts Management
As outlined in our User Agreement, PayPal® will
periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside
Yes, it looks quite legitimate and even looks like it is from Paypal. If you use Paypal*, you probably get emails that have the same look, as a transaction copy, every time you make a deposit or withdrawal. Protecting yourself from this particular type of phishing is relatively simple once you know that no legitimate business will send you an e-mail requiring you to input information that they already have. Remember: any email you get requiring verification, updates, or logging in to your account with a link is almost surely an attempt at stealing from you!
What do you do if you get an e-mail that looks suspicious?
The first thought that comes to mind is to click on the link to find out where it goes. It is a big temptation sometimes, but don’t do it. When you click on the link you have confirmed to the bad guys that they have a valid e-mail address. Just like the fisherman who can’t get a bite on one bait, they will keep chucking different ones at you hoping you mess up and get hooked.
Send it to the company it says it comes from. In this case I forwarded it to [email protected]. Generally you will get a confirming e-mail that they have received your e-mail and that they will check into it. Once they find that the offending e-mail is an attempt at phishing, they will let you know. As Paypal, E-bay, and the other companies rely on secure transactions to stay in business, they are very aggressive in closing down the sites that collect such information.
O.K., so you didn’t know about phishing and you did all the things you needed to do to “verify” your account. You gave your information to the bad guys and you realized that you screwed up. Now what? As soon as you can, like immediately, go to the real site via your web browser and change your password! Then contact the site and tell them what happened. Yes, it is a pain in the butt to have your account frozen for a few hours or days till they can verify no fraudulent transactions have been made. But it’s much preferred over losing your money and reputation.
Paypal has a good link for information on what to do if you think you have been the target of an attack at http://www.paypal.com/cgi-bin/webscr?cmd=_security-center-outside.
Another type of phishing that seems to be popular uses a slightly different strategy. Instead of asking you to verify account information, it shows up as a receipt for something that you purchased online. The bad guys know you didn’t buy it, of course, and they have added a link where you can “dispute” the purchase. If you click on the link you find yourself on a website that appears to be the official login page of your bank, E-bay, or other financial institution (like Paypal). Once you log in to “dispute” the purchase you have been hooked!
One thing that helps to avoid losing control of your online information is to know where you are in the web-verse. The site address in the address window should always begin with the address of where you want to go, for instance ebay.com. If it has anything before Ebay.com other than the http: be suspicious! If it says http: eloign.com\ebay.ch it is a fake and you should not enter any information at all. Report it immediately to [email protected].
Another thing to look for is the secure site icon. Personal information is securely encrypted by any legitimate business. No little lock icon = almost certainly a fake.
A third method to protect yourself is the use of site certificates. You can change your internet security settings to require certificates. This will not allow entry to sites without a valid certificate. Since most fraudulent sites don’t have certificates, it will definitely lower your risk.
According to Wikipedia: “Nearly all legitimate email messages from companies to their customers will contain an item of information that is not readily available to phishers. Some companies, including eBay and PayPal, always address their customers by their username in emails, so if an email addresses a user in a generic fashion ("Dear valued eBay member") it is likely to be an attempt at phishing.”
Wikipedia has an excellent write up on phishing at:
http://en.wikipedia.org/wiki/Phishing#Phishing_techniques
As phishing and other fraudulent activity evolve, the methodology and styles will become harder and harder for the average person to detect. But there is one methodology that can make you a much harder target for the bad guys. That is simply not to respond to any e-mails. That’s right…none. If you get an e-mail from a bank or auction house, drop from email and open your browser. Go to the site the e-mail is supposed to be from and log into your account there. This ensures that you are actually on the account and not on a site collecting your information!
*Paypal, Ebay, Wikipedia, Webopedia, and any other companies mentioned are their own entities and the names are used here for reference only.
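The address-bar check described above (the address should belong to the site you meant to visit) can be made precise by comparing the host part of a link with the expected domain. This is an added example, not part of the original write-up; it goes slightly beyond the text by accepting genuine subdomains of the expected domain, and the function names, result labels and sample addresses in the test are constructed for illustration.

```python
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    """Return the lowercase host a browser would connect to for this address."""
    # Browsers treat a backslash like a forward slash in http(s) addresses,
    # so normalise it before parsing (this covers the eloign.com\ebay.ch case).
    cleaned = url.strip().replace("\\", "/")
    if "://" not in cleaned:
        cleaned = "http://" + cleaned
    return (urlsplit(cleaned).hostname or "").rstrip(".")


def check_link(url: str, expected_domain: str) -> str:
    """Classify a link against the domain the reader intended to visit.

    Result labels (constructed for this example):
      ok            - host is the expected domain or one of its subdomains
      brand-in-host - brand name appears inside a different host name
      brand-in-path - brand name appears only after the host
      other-host    - host has nothing to do with the expected domain
    """
    expected = expected_domain.lower()
    host = host_of(url)
    # The leading dot matters: "notebay.com" ends with "ebay.com"
    # but is not a subdomain of it.
    if host == expected or host.endswith("." + expected):
        return "ok"
    brand = expected.split(".")[0]
    if brand in host:
        return "brand-in-host"
    if brand in url.lower():
        return "brand-in-path"
    return "other-host"
```

Only the `ok` result means the link points at the expected site; every other label is a reason to close the e-mail and type the address into the browser yourself.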