Phishing and E-Mail Safety
Unlike malicious code, phishing is an effort to trick people into giving up information that would provide its authors with usernames, passwords, bank account information, and even enough information to steal someone's identity.
Some phishing methods are designed not to steal information directly, but to trick computer users into allowing Trojan horses to be installed on their computers, which can then be even more effective at stealing information.
Phishing is the term given to e-mail messages that are designed to trick recipients into believing that the message is from someone else. The messages are designed to look official, often using the same graphics as the alleged sender and including some links to the sender's real web site to increase credibility. Computer users need to be careful when reviewing e-mail.
How do you spot a phishing message?
- Consider the policies of the purported sender. eBay and PayPal (the same company) state that they will never ask for personal information in an e-mail. That policy is common. If you get an e-mail message that you think might be legitimate but aren't sure about, it is a good idea to go to the related web page (not using any links in the message) and look for the company's policies for handling personal information. Web sites that provide you with an account, such as eBay, give you another way to check out claims that the web site has "lost your information." Log into the account and see if everything is okay.
- You can't trust the address that appears in the message, as there doesn't have to be a relationship between the address in the message and the link behind it. Hold the cursor over the links in the message and look to the bottom of your e-mail window to see the address behind the link. If the address appears very strange, or consists mainly of numbers, there is a great likelihood that the message is fraudulent.
- Look at the spelling and the grammar in the message. It seems that all of the phishing messages I've received are filled with errors, indicating that the message may have come from a country where English is not the first language.
I have some phishing examples that demonstrate these issues.
E-Mail Safety
One of the most important things you can do to protect your computer and your finances is to be careful about the handling of e-mail you receive.
Most users have learned to simply delete the so-called "Nigerian" e-mails offering millions of dollars for doing very little. Other offers are easy to see as fraudulent and are more of a nuisance than anything else.
You should be wary of any attached file that you receive by e-mail, even if it comes from a person you know. If it is a file you are expecting, it's a good idea to have your anti-virus program check the file before trying to open it. If you weren't expecting it, either delete it or send an e-mail back to the sender asking what the file is before attempting to open it. If the sender doesn't know what the file is, it's probably because it was generated by a virus and contains a virus.