Archive for the 'anti-phishing' Category

02
Mar
09

some anti-phishing tips


I’m receiving dozens of phishing mails each day, like :

  • the bank’s database has been compromised, please register again
  • I had tried to login too many times, my account has been disabled, please register again
  • the bank decided to provide users with an application through which they will login, please run this file
  • the bank’s database has been lost, please register again
  • … and countless more

I’m sure many of you receive the same type of mails each day. Here are some tips that will help you decide whether such an email is true or not :

  • each mail in this category will have at least one link in it. Place your mouse over it, and check to see if the address it points to is really the bank’s address. If for example, your bank is Bank ABCDEF ( a fictional bank ), and your bank’s website is http://www.bankabcdef.com, then, when you hover the mouse over the link, you should see a link that belongs to that domain. If for example, you see something completely different, such as some-random-site-not-related-to-abcdef.com/whatever/bankabcdef/, DO NOT VISIT THAT SITE, because it surely will be a phishing attempt
  • if your mail service provider accepts javascript in the e-mails ( which is, in my oppinion, a terrible security flaw ), disable javascript. Javascript has a function named onMouseOver which can be used to spoof a link’s address
  • NEVER download & run any files you did not request
  • if, for example, the e-mail seems legitimate and has a phone number, I would suggest you don’t call that number. Instead use google to find the bank’s website, and get the phone number from there. Then, call the bank to check and see about possible account problems.
  • your browser will sometimes identify sites that are not what they claim to be, be cautious when that happens.

I hope these tips will help you !




Blog Stats

  • 223,712 hits