Thursday, June 28, 2007

How to avoid Phish Hooks

I get quite a few questions thrown at me as a tech consultant/repair guy. Many have to do with the web, email, back-ups and a host of other cyber-related issues that I may not have even heard of until that moment.

Phishing is a major one, pronounced just like the activity "fishing". For a perfect definition go to "http://en.wikipedia.org/wiki/Phishing". This is so dangerous that everyone with an email is a potential or future victim: our children, our parents, our grandparents. I don't know about you, but I know some older people that click on everything and then wonder why they are getting so much junk mail. I'm sorry, that sounds harsh, but our elders come from a generation where it's impolite to ignore things like the phone and someone knocking on your door and even mail. They don't realize that it's ok to ignore emails and it's ok to delete them too. Also, some older people I've dealt with think all the email they get is personally aimed at them; they don't understand that they're NOT the target audience for breast implants, and they take it personally.

PayPal and eBay are 2 of the biggest targets for these "evil-doers". The worst part is that the emails look very legit. They have the logos, the return email address, even the code behind the email looks real. So...

  • How do you protect yourself? 
  • How do you tell the difference between fake and real?
  • How do you get them to stop? 

I'll try to answer what I can; most of these answers are what I told my clients and friends.

If it's too good to be true, then it IS too good to be true. You can tell all the email "newbies" because one of the first emails they send out to everyone on their mailing list is the "Bill Gates will give you money for forwarding this email" email (you know who you are). If this were true, there would be millionaires popping up all over the world and Bill Gates would be broke. 

Don't believe everything you read on the internet. For that matter, don't believe everything you read in a book either, but at least publishing a book takes some serious effort, so you hope that the author took responsibility for what was written. Emails, on the other hand, don't cost anything to write and send out. Some websites can be put up for free too. They don't see their victims, so "out of sight, out of mind". It's not their fault if you happen upon their site and decide to go as far as to send them money (we're talking extremes here).


So how do you protect yourself? How do you tell the difference between fake and real?

There are a few ways: 

1- Never click on any link in the email. If there is a "close window" link or button on the window or email... DON'T TRUST IT!! I cannot stress this enough. Just because the link says "close window" does NOT mean that that's what it's going to do. There could be some nefarious code behind the link that we don't know of. Just close the window the safe way, the RED button on a Mac or the X on a PC.

2- Something that has worked wonders for me and a few other people is to create other emails for yourself. I have one for my eBay and PayPal, one for my business and 2-3 for just junk. If I get any emails saying "your account is about to be closed if you don't act fast..." (I try not to laugh too loud), I know for a fact that it's not true, because my account is not with that email to begin with. So it's easier to ignore.

3- Today's browsers have the "auto-fill" feature, which I love, but I don't use it for the crucial websites. I use it for the forums I'm a member of and a few other things, but never sites where money is involved. It's best to memorize your passwords or keep them written down in a good old-fashioned notebook. How you protect THAT is your business.

4- If you feel the urge to check out the email to see if it's real, don't click on any link. Close the suspect email and then go to the website on your own. eBay and PayPal will NEVER EVER send you an email of this kind. They only send out the holiday "see what's new at eBay" kind of emails. If they have an urgent message for you, they will post it on your account on their site and you can check it only when you sign in.
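
Point 1 above, as an added example that is not part of the original post: what a link says and where it goes are independent, so the two can be compared before anyone clicks. The sample message, the `example.net` host and the trusted-host list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (visible label, href) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Lowercase host if value looks like a URL or bare domain, else ''."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    try:
        host = urlparse(value).hostname or ""
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return ""
    return host if "." in host and " " not in host else ""

def suspicious_links(html, trusted_hosts):
    """Flag links whose destination differs from the label or is untrusted."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for label, href in parser.links:
        shown, dest = host_of(label), host_of(href)
        if shown and shown != dest:
            findings.append((label, href, "label shows a different host"))
        elif dest not in trusted_hosts:
            findings.append((label, href, "destination is not a trusted host"))
    return findings

# Constructed sample message; example.net and the trusted list are assumptions.
SAMPLE = '''<a href="http://login.example.net/verify">https://www.paypal.com/signin</a>
<a href="http://login.example.net/close">Close window</a>
<a href="https://www.paypal.com/help">Help</a>'''
TRUSTED = {"www.paypal.com", "www.ebay.com"}
print(suspicious_links(SAMPLE, TRUSTED))
```

The first two links are flagged, including the harmless-looking "Close window"; only the link that really goes to a trusted host passes.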


How do you get them to stop? 

1- One of the problems with email is the vast amount of it. Some of it may be your fault and the rest not. Most emails have an "unsubscribe" link. That's very helpful and it also happens to be the law now. I myself only click on those unsubscribe links if it was something I subscribed to in the first place. If it's something that you DIDN'T ask for, I suggest that you don't click the unsubscribe link; many times it's a "phisher" looking for real email addresses out there. They send out thousands of these things; not all of them are legit emails, and many could have been canceled email names. They want you to click that unsubscribe link so they can hook you.

2- If you have a Mac and you think, "Oh, Macs don't get viruses, it's ok if I click this button to see what happens, I just won't type anything", don't do it!!!!!! Viruses aren't the only things that can hurt a computer; Mac or PC, it doesn't matter. There are a host of other baddies out there.

3- Don't enter the "GET A FREE IPOD" contests or anything like it. They just want your information. This one is geared towards our teens, and again it looks real. Trust me, I never heard of ANYONE ever getting a free iPod.


Finally, there are many other things you can do to protect yourself, WAY too many for this blog. Phishing will never end; no matter what laws are passed, they will always find a loophole.

In the end it's up to you to protect yourself. I just threw a few ideas your way.

2 comments:

Anonymous said...

Here I thought that Machinations was impervious to any cyber attacks :P and by the way you also worked in Spider-Man 2099 as well!!!

You should blog about the present state of comics

Marcus

Harry Candelario said...

and DOOM 2099 too, but I wish to have done Calvin & Hobbes 2099