|
Download a
copy of this letter here
/fiSHiNG/
noun: phishing
1.
the activity of defrauding an online account holder of financial
information by posing as a legitimate company.
Phishing is a type of Internet fraud that seeks to acquire a
user’s credentials by deception. It includes theft of passwords,
credit card numbers, bank account details and other confidential
information.
Phishing messages usually take the form of fake notifications from
banks, providers, e-pay systems and other organizations. The
notification will try to encourage a recipient, for one reason or
another, to urgently enter/update their personal data. Such excuses
usually relate to loss of data, system breakdown, etc.
Phishing attacks are becoming more advanced in their exploitation of
social engineering techniques. In most cases, fraudsters try to
frighten a recipient by providing a seemingly important reason that
the recipient should divulge their personal data. Such messages
usually contain threats to block an account if a recipient does not
fulfill the requirements therein. For instance, “if you do not
provide your personal data by the end of the week, your account will
be blocked”. Ironically, it is not unknown for phishers to make
reference to the necessity of improving anti-phishing systems as one
of the reasons for the disclosure of confidential information. A
typical ruse might be “if you want to secure yourself against
phishing, click the link and enter your user name and password”.
Phishers are becoming more and more sophisticated in designing
their phony web sites. There's no surefire way to know if you're on
a phishing site, but here's some hints that can help you distinguish
a real web site from a phishing site.
Often the web address of a
phishing site looks correct, but actually contains a common
misspelling of the company name or a character or symbol before or
after the company name. Look out for tricks such as substituting the
number "1" for the letter "l" in a web address (for example,
www.paypa1.com instead of www.paypal.com).
What are some recent examples of phishing attacks?
A recent e-mail scam asks PayPal customers
to provide additional information or risk getting their account
deleted because of changes in the service agreement. Recipients are
urged to click on a hyperlink that says "Get Verified!"
E-mails that look like they come from the FDIC include a subject
line that says "check your Bank Deposit Insurance Coverage" or "FDIC
has officially named your bank a failed bank." The e-mails include a
link to a fake FDIC site where visitors are prompted to open forms
to fill out. Clicking on the form links downloads the Zeus virus,
which is designed to steal bank passwords and other information.
E-mails that look like they come from the IRS tell recipients
that they are eligible to receive a tax refund and that the money
could be claimed by clicking on a link in the e-mail. The link
directs visitors to a fake IRS site that prompts for personal and
financial information.
A legitimate-looking Facebook e-mail asks people to provide
information to help the social network update its log-in system.
Clicking the "update" button in the e-mail takes users to a fake
Facebook log-in screen where the user name is filled in and visitors
are prompted to provide their password. When the password is typed
in, people end up on a page that offers an "Update Tool," but which
is actually the Zeus bank Trojan.
In this example we can see a very
useful way to identify the originating web-site. The trick is to
point at the link or logo, DON'T CLICK,
then read the hidden address. You will see that it's very
suspicious.
Characteristics
The content of a phishing e-mail
or text message is intended to trigger a quick reaction from you. It
can use upsetting or exciting information, demand an urgent response
or employee a false pretense or statement. Phishing messages are
normally not personalized.
Typically, phishing messages will ask
you to "update", "validate", or "confirm" your account information
or face dire consequences. They might even ask you to make a phone
call.
Often, the message or website includes official-looking
logos and other identifying information taken directly from
legitimate websites. Government, financial institutions and online
payment services are common targets of brand spoofing.
Catch
phrases:
E-mail Money Transfer Alert: Please
verify this payment information below…
It has come to our
attention that your online banking profile needs to be updated as
part of our continuous efforts to protect your account and reduce
instances of fraud…
Dear Online Account Holder, Access To Your
Account Is Currently Unavailable…
Important Service
Announcement from…, You have 1 unread Security Message!
We regret
to inform you that we had to lock your bank account access.
Call
(telephone number) to restore your bank account.
Example of a Phishing E-mail
With the recent increase in fraudulent activity, I thought a few
simple reminders may save some of my clients a lot of money and a
great deal of frustration.
1) Please be aware that
legitimate tradesmen and technicians do not make random phone calls.
Microsoft will not be calling to tell you that you have a virus on
your computer. (these types of phone calls occur hundreds of times
every day)
2) The FBI or the RCMP
will not be emailing you any warnings about your illegal software,
and they will not be demanding that you pay a $400.00 fine. (this
very common email scam will often result in the loss of all personal
data (pictures) on the victims computer).
3) There are no miracle
cures for your health or the health of your computer. Green coffee
beans and "Super System Sweeper" (or whatever free software), is a
scam and will do nothing useful. (these useless programs install
instantly when visiting random websites, you can tell by the extra
buttons added to your internet browser)
If you think you may have been scammed or
just want more info here is a great website from the Canadian
Government
http://www.antifraudcentre
It’s quite alarming how many people
are falling victim to these scams. My recent experience helping
computer users recover from this new threat has revealed that people
are being tricked into paying these companies $90 - $450.00 dollars.
If you have signed-up to a service contract and you believe it to be
a scam, the first thing you need to do is to call your credit card
company and cancel the card before the scammers can add more
charges, then you can report the scammers and ask for a “charge
back”. And lastly, get your computer’s security restored by a
professional.
George Rettich, Owner of
Webspinner Computer
Service.
604-318-1035
Abbotsford, BC.
Download a copy of this letter here
WEBSPINNER COMPUTER SERVICES
PRIDE IN SERVICE AND WORKMANSHIP |
