IDCLOAK KNOWLEDGE CENTER
 




 

Security Essentials of the Anti-Phishing Hero


Way back in 2004 there was a lot of media hoo-ha about phishing – the name given to a form of cybercrime where internet users are tricked into divulging access to their financial account information. Indeed, most articles currently on the net about phishing scams were written in that year – all heralding a god-awful surge in phishing thefts that made online banking in 2004 seem like an Indiana Jones adventure. You can imagine my surprise, therefore, when I then discovered that the number of new phishing sites uncovered in 2004 was in the region of just 1,000 per month, while nowadays it stands between 10,000 and 20,000 a month.

Figures released for losses in the US in 2004 due to phishing attacks were put at $500 million, but in 2010 this figure was placed at $5 billion. I found this increase exceedingly odd for two reasons – one, nowadays there is very little media hoo-ha at all warning us of phishing scams, in fact one could be forgiven for thinking the problem went away in January 2005; and two, how is it that so many people are being successfully phished when protection from this form of attack is, I hate to say it, horribly straightforward?

It occurred to me that what was needed right now was an Anti-Phishing Hero – a champion of free internet protection who could inspire internet users to wake up to the dangers of phishing and take up arms to protect themselves and their families against the nefarious designs of the phishing underworld. Upon this illustrious anti-phishing superhero we shall bestow the star-scribed name… Irene.

Irene, as her name may well suggest, is really only unique because she is the first superhero to be no better at anything than anyone else: a true hero of the people, you might say. Irene cannot fly, she struggles like all of us to see through walls, and when she hits big metal things she too says Ow and rubs her hand – bad metal thing. Indeed, Irene only started using computers a couple of years ago when she retired and found the time to fiddle around with things at home, and so she still calls the windows on her screen boxes and is not yet entirely sure of the easiest way to close them. The one weapon Irene does have, however, is a smidgen of common sense locked-and-loaded with a fair bit of knowledge about phishing protection – and it is this modest arsenal that makes her impervious to even the most heinous of phishing attacks. Being such a nice old lady, Irene is more than happy to share some of her pearls of wisdom here with you.

What is Phishing?

Irene knows what it is. Phishing is an internet scam whereby cybercriminals lure users into divulging their account or credit card information, whereupon they can steal money from those accounts. Irene understands that there are no few unsavoury sorts prowling the internet in search of personal gain, and consequently she is not so quick to trust every Tom, Dick or Harry she encounters while surfing (a word Irene still uses regularly). Phishing is usually carried out through emails which invite Irene to fill in a form and reply with personal and/or account information, or to click on a link to a site that masquerades as a legitimate site, again asking for information that will grant the cybercriminals access to Irene's much-coveted state pension.

How do You Identify a Phishing Scam?

Irene noticed a pattern in phishing emails – they generally show up in her junk email folder, not in her inbox. Sure, sometimes she gets invitations from Tenbury Wells Window-Potting Society in her junk mail folder too – but she doesn't suspect these mails because she knows that society and they never ask her for her bank account information anyway. Occasionally though, phishing scams find their way through her email provider's spam filters and land in her inbox. But Irene is prepared – she has seen examples of common phishing emails from kindly sites such as this, and can smell them a mile off. They may look like the genuine article – beautiful copies of her online bank's emails, with images of the bank's logos in place and the name of the bank displayed in the From box, but a few little details give them away:

For one, they don't use her actual name in the email – just Dear Customer. Phishers generally operate by sending thousands of mails out at once and even with a tiny success rate they are able to make a profit. It is very difficult for them to find a real name to accompany all those attacks.

Irene is no Jane Austen, but some of the spelling and grammar mistakes in these phishing emails are deplorable. She almost feels like giving them a little money so that they might get themselves an education. The phishing emails generally come in the form of a threat of danger (i.e. there's been a security breach, send us information urgently to help us protect your account), or a promise of reward (congratulations, you have been nominated as best customer). Irene is way too clever to fall for this.
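Irene's checks can also be run by a mail filter. The sketch below is an added example, not part of the original article: it parses a raw message and reports the generic greeting, the threat or reward lure, and, as an extension beyond the article, a From box that shows the bank's name over an address at another domain. The KNOWN_SENDERS table, the phrase lists, the recipient name and both sample messages are constructed assumptions; spelling and grammar checks are left out.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: brand names mapped to the domains they genuinely send from.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(valued\s+)?(customer|client|user|member)\b", re.I | re.M)
LURES = {  # threat of danger / promise of reward (assumed phrase lists)
    "threat_lure": re.compile(r"security breach|urgent|suspended", re.I),
    "reward_lure": re.compile(r"congratulations|nominated|you have won", re.I),
}

def phishing_indicators(raw_email, recipient_name):
    """Return the indicator names found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    found = []
    # Bulk senders rarely know the recipient's real name.
    if GENERIC_GREETING.search(body) and recipient_name.lower() not in body.lower():
        found.append("generic_greeting")
    found += [name for name, rx in LURES.items() if rx.search(body)]
    # The From box shows the bank's name, but the address is elsewhere.
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in KNOWN_SENDERS.items():
        if brand in display.lower() and domain not in domains:
            found.append("display_name_mismatch")
    return found

# Constructed sample messages (not real mail).
PHISH = """\
From: Example Bank Security <alerts@mail-notice.example>
Subject: Urgent: security breach

Dear Customer,
There has been a security breach. Send us your details urgently.
"""
LEGIT = """\
From: Example Bank <statements@examplebank.example>
Subject: Your monthly statement

Dear Irene Smith,
Your statement is ready. Sign in the way you normally do.
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, phishing_indicators(raw, "Irene Smith"))
```

No single indicator is proof on its own; a message that trips several of them deserves the suspicion Irene gives it.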


Part II: Protecting Yourself from Phishing Sites

Part III: Spyware and Keylogging

Part IV: Phishing Phone Calls and Instant Messages

Written by: Robin Welles; internet security team, expats team