by Steve Shank
Very important: new security threat.
What is it and how extensive is it?
Phishing is the name being applied to a significant new security threat. The Gartner Group estimates that 57 million U.S. Internet users have received fraudulent e-mail linked to phishing scams, and that 3 percent of them, or 1.7 million people, may have been tricked into divulging personal information. U.S. banks and credit card issuers report phishing cases cost them roughly $1.2 billion last year. Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords. By copying the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince 3%-5% of recipients to respond to them.
What does it look like?
You get an e-mail from your bank or eBay or PayPal. From some trusted institution. It displays the logo of that institution. It looks real. It's telling you that you have not used your account recently, so it's going to be closed down, or your credit card's been rejected, or eBay needs to check something, and please click on the link below to their site, and confirm your account information.
You click on the link they provide and it appears to go to their site. The address bar at the top says it is their site, PayPal.com or your bank or eBay. The appropriate logos are there. The login screen looks just like the one the company normally presents, so you log in, fill in your account information on the entry form, enter your password and verify your details. Your identity has just been stolen.
How does it work?
The link in the e-mail doesn't really go where it says it goes. It goes to the thief's site. When you get to their site, they display the logos of the copied site, plus a pop-up. They place the pop-up directly over the address bar, and it shows the bank's URL in the pop-up's fake address bar. Everything else is quite easy. The pop-up contains JavaScript that lets the phony address bar accept an address and navigate to it, so it behaves like a normal address bar.
How do you protect yourself?
1. Never click on an e-mail link to PayPal or your bank or other trusted vendor unless they are responding directly to your recent action. For example, if you bought software from them, they might send you a download link. Or, if you bought a book at Amazon, they will send you a tracking link. But NEVER use email links sent to you "out of the blue." Instead open your browser and go to their site. Or, you can telephone them. Do not use the telephone number from the Email!
2. Use an alternative browser or change how IE looks. They can't pop up a phony address bar over your address bar if your address bar isn't where they expect it to be. If your browser doesn't look like standard Internet Explorer, the phony address bar will look wrong. - I have a related article on Alternative Browsers. Simply using a different Windows theme will give you some protection.
3. Use a pop-up blocker. I have a new article in this issue on pop-up blockers.
4. Use the latest version of WinPatrol to lock your Hosts file.
These 4 safety measures along with vigilance should keep you safe from this one.
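The deception described under "How does it work?" (the link text claims one site while the href goes to another) and rule 1 above can be checked mechanically before anyone clicks. The Python script below is an added example, not code from the original newsletter: it parses the anchors in an HTML message and reports links whose visible text or wording claims PayPal, eBay or Amazon while the real target host is something else, is a bare IP address, or is hidden behind a `user@host` form of URL. The brand-to-host table, the function names and the sample message are constructed for illustration, and the host names in the sample are reserved example names.

```python
"""Flag links in an HTML e-mail whose visible text or wording claims a trusted
site while the real target (href) points somewhere else. Added example, not
code from the newsletter; the brand table and sample message are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands the newsletter names, with the host each one legitimately uses.
# Illustrative only; a real filter would use a maintained allow-list.
TRUSTED_HOSTS = {
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com"},
    "amazon": {"amazon.com"},
}

# Visible link text that itself looks like a host name or URL.
URL_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


def registered_domain(host):
    """'www.paypal.com' -> 'paypal.com'; bare IPv4 literals are returned whole."""
    host = (host or "").lower().rstrip(".")
    parts = host.split(".")
    if all(p.isdigit() for p in parts):
        return host
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def shown_host(text):
    """If the link's visible text looks like a URL or host, return that host."""
    if not URL_LIKE.fullmatch(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_reasons(href, text):
    """Return the reasons one link looks deceptive (empty list if it looks fine)."""
    reasons = []
    # urlparse().hostname already discards any 'user@' prefix, so a URL of the
    # form http://www.paypal.com@other.example/ resolves to other.example here.
    target_dom = registered_domain(urlparse(href).hostname)
    # 1. The text names a host, and it is not the host the href really goes to.
    visible = shown_host(text)
    if visible and registered_domain(visible) != target_dom:
        reasons.append(f"text shows {visible} but href goes to {target_dom}")
    # 2. The link mentions a trusted brand, but the href host is not that brand's.
    haystack = (text + " " + href).lower()
    for brand, hosts in TRUSTED_HOSTS.items():
        if brand in haystack and target_dom not in hosts:
            reasons.append(f"mentions {brand} but href goes to {target_dom}")
            break
    # 3. The target is a bare IP address, which no bank login page uses.
    if target_dom and all(p.isdigit() for p in target_dom.split(".")):
        reasons.append("href host is a bare IP address")
    return reasons


def suspicious_links(html_body):
    """Return [(href, text, reasons)] for every deceptive-looking link in the body."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons = link_reasons(href, text)
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed phishing-style message; hosts are reserved example/documentation names.
SAMPLE_EMAIL = """
<p>Dear customer, your account will be closed unless you confirm it now.</p>
<a href="http://203.0.113.7/paypal/confirm.php">https://www.paypal.com/cgi-bin/webscr</a><br>
<a href="http://www.paypal.com@phish.example/login">Click here to log in to PayPal</a><br>
<a href="https://www.amazon.com/orders/track">Track your Amazon order</a><br>
<a href="http://ebay.example-confirm.net/">eBay account check</a>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: " + "; ".join(reasons))
```

Run it as a script to see the three flagged links in the constructed message (the genuine Amazon tracking link is not reported), or call `suspicious_links()` on the HTML part of a real message. The heuristic is deliberately simple: it is the comparison rule 1 asks the reader to make by eye, and any mismatch it reports is a reason to open the browser and type the bank's address yourself rather than click.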
Further reading:
http://www.antiphishing.org/index.html
http://briansbuzz.com/w/040506/#top1
More articles by this author can be found at:
http://www.steveshank.com/Newsletters/Newsletters.htm
Copyright © 2004 Steve Shank