My Online Security

As PC and browser security closes more and more holes, hackers are spending more time and effort finding ways to try to trick you into giving them access to your PC or giving up your personal data.

Phishing, or fraudulent e-mails posing as legitimate messages, remains a popular tactic by hackers. There’s little technical knowledge required to set up a phishing scam. All a person has to do is set up a real-looking Web site and spam hundreds of thousands of e-mail addresses, and wait for an unsuspecting victim.

Bank-related phishing e-mails remain the most popular, because we all notice a message from our bank and are likely to feel a sense of urgency to act. One common format is the “warning” e-mail. Ironically, hackers will base the theme on the premise that your account has already been hacked! One phishing e-mail I recently received came with the subject line, “Suspicious Activity Logged on Your Account – Please Respond Immediately.” The e-mail had very convincing graphics, and sounded alarming. I instinctively knew it was a fake, but because the e-mail did happen to branded with my bank’s name, just in case I called to make sure there were no issues with my account.   If you ever question an e-mail from a bank or credit card institution, just call you bank’s main number (but NOT the one in the e-mail…hackers use fake numbers too).

PayPal and eBay are also common themes used in phishing e-mails. In fact, a week ago I surfed over to Phishtank.com, a reporting site for phishing Web sites. Out of the top 50 most recently reported, 18 were fake PayPal sites, 6 were fake eBay sites, 22 were banks, and 4 were misc (including a fake MSN login Web site and a UK customs site).

There are two new ones that recently showed up in my inbox that I haven’t seen before. The first was from FedEx, telling me that my package was not delivered. Since I had recently sent a package, I was fooled!  Luckily, when it asked me to track the package using my credit card, I wised up and went directly to FedEx.com to track my package (it had been delivered).

The second was from a dating site. The phishers put together a realistic looking dating site and ask you to join. It looks like a scheme to capture your passwords (based on the assumption you use the same or similar passwords for many different sites).

The lesson? Phishing e-mails have not abated. So when you receive a suspicious e-mail in your inbox, be wary. And when in doubt, use the phone. Your bank (assuming it’s still in business!) and other financial institutions won’t mind.