Every dad worth his weight in salmon eggs and shiny lures has at least one great fishing story-usually about the great catch that got away. Unfortunately, too few dads have stories about how they avoided getting caught in a different kind of fishing caper-the online variety known as “phishing.”
Phishing attacks are perpetrated by criminals using fake Web sites and other tactics to trick people into sharing personal information online.These scams are helping fuel the nationwide escalation in identity theft. According to the Anti-Phishing Working Group, the number of phishing sites reported each month more than quadrupled, from 2,854 sites in April 2005 to 11,976 in May 2006.
“People can avoid phishing attacks by learning the telltale signs of these scams and using phish-fighting technology,” said John Scarrow of Microsoft Corp., which offers free technology to help protect people from phishing e-mail and Web sites.
The Microsoft Phishing Filter alerts people to and blocks known or suspected phishing sites. Already available for no charge in the Windows Live Toolbar and as an MSN Search Toolbar Add-in, the filter is also included in Internet Explorer 7 and Windows Vista. In addition, the SmartScreen e-mail filtering technology available in Windows Live Mail, MSN Hotmail, Office Outlook and Exchange Server helps block e-mail messages that can lure people to phishing sites.
Weekend fisherman Robert Marvin has learned how to avoid phishing scams by applying tactics similar to those of the wily salmon that evade his lures. “We carefully review e-mails and Web sites that request personal information,” said Marvin, a father of two who runs a mutual fund. “We don’t ‘bite’ just because it looks official.” He also maintains a credit card with a low limit for all online purchases.
Staysafe.org offers the following tips to avoid phishing scams:
• Never enter personal information, such as credit card or Social Security numbers, into Web sites reached via links in anonymous e-mail messages.
• Avoid clicking on links to Web sites contained in e-mail messages, particularly when updating account information or changing passwords. Instead, type addresses directly into the browser or use personal bookmarks.
• Check for misspellings or typos in the online address, as well as e-mail addresses containing “@” somewhere other than directly before the business’ or Web site’s name.
• Double–click on the yellow padlock icon in the bottom right-hand corner of business Web sites. The name that comes onto the screen should match the name of the site.
Microsoft also recommends that users create different log-in names and passwords for different sites.
Intrusion Prevention solutions detect and eliminate content-based threats from email, viruses, worms, intrusions, etc. in real time without degrading network performance. They detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time – without degrading network performance.
Today’s global information infrastructure faces possible huge financial losses caused by ineffective Intrusion Prevention. Among the most vulnerable technologies are Providers of VoIP, video teleconferencing and data over cellular networks. While these providers have integrated into their products, the need for new Intrusion Prevention solutions is constant. Here are some of the area in which Intrusion Prevention offers effective solutions.
Instant Messaging – Intrusion Prevention
The real-time, interactive nature of Instant Messaging makes it a valuable tool for business partners, customers and fellow employees. The breach of security opportunities created by the use of IM must be managed for given its postion as a widely accepted business communications tool.
Real Time Vulnerability – Intrusion Prevention
Real Time Vulnerability Protection Suite breaks away from the reactive method of chasing attacks after they happen to eliminating and protecting vulnerabilities on your systems. By protecting against known and unknown vulnerabilities, you can ensure data reliablity and sercurity.
Network Infrastructure – Intrusion Prevention
Intrusion Prevention protect the network infrastructure to carry on your business without disruption. Enterprise level solutions offer effectevie network intrusion prevention solutions (IPS) within the context of your company’s comprehensive security policy.
Email – Intrusion Prevention
Financial Companies, manufactures, retailers, etc. use intrusion prevention to scan messages and attachments for viruses. Together with “preemptive” email security approach, effective intrusion prevention offers the best protection from spam and virus attacks.
Application Level Attacks – Intrusion Prevention
A successful denial of service attack can put a corporate website off line for hours or more. Intrusion Prevention products offer the best protection against application level attacks and secure all networked applications, users and server resources.
Large Enterprises – Intrusion Prevention
Large Enterprises with widely dispersed Carrier & Data Center Networks need specially built high-performance security gateway Intrusion Prevention with proven firewall and IPSec VPN to deliver scalable network and application level security. Intrusion prevention protects the enterprise against the seemingly insignificant worm, virus, trojan, etc. that can topple its network.
Q: I use PayPal to accept credit cards for my online collectibles business. I recently received an email that my PayPal account was going to expire in five days if I didn’t click a link in the email and give them my PayPal account information. Being naturally paranoid I decided not to give this information and I’m happy to say that my PayPal account did not expire. Was this a scam? — Brenda A.
A: Be thankful that your paranoia kicked in, Brenda, because you were about to fall victim to the scam of the week, this one aimed at the 35 million merchants and individuals who use https://www.coolwebtips.com as their online payment processor.
The email you received was not from PayPal, but from an Internet bad guy behind a forged email address using the https://www.coolwebtips.com domain. You should understand that no reputable online company will ever ask you to provide your account information. Think about it. They already have this information. Why would they ask you to provide it.
Since I use PayPal for several of my online ventures, I, too, received the email in question. The email first seeks to instill fear in you by saying that your PayPal account will be closed if you do not provide personal information. You are then directed to open an attached executable file and enter your PayPal account information and other personal information that PayPal doesn’t even require, including your social security number, checking and savings account information, driver’s license number, and other personal information that can be used to clean out your PayPal account and perhaps even steal your identity.
If you’re not familiar with PayPal, it is a hugely successful, web-based company (purchased by eBay in 2002) that many online retailers and eBay sellers use to accept electronic payments for everything from newsletter subscriptions to consulting services to just about any product for sale on eBay.
The allure of PayPal is that it does not require the seller to have a bank merchant account through which to process credit cards. Anyone with a verifiable email address and bank account can use PayPal and the service can be implemented almost immediately after registering.
When someone places an order on a website that uses PayPal for online payments, that customer is directed to https://www.coolwebtips.com to complete the payment process using a credit card or electronic check. The merchant can transfer the money collected in his PayPal account to his checking account any time he likes. Since many larger merchants make this transfer just once a week or so, their PayPal accounts are ripe for the picking from those who have the cunning and lack of ethics required to gain access.
The shear number of PayPal customers is one reason it has become a popular target of scam artists trying to steal personal information from individuals and businesses alike.
Identify theft is on the rise. Thanks to the Internet stealing someone’s identity has never been easier. At any given moment, there are any number of Internet thieves using all manner of high tech wizardry to steal personal and business information from unsuspecting souls, and many times they can gain access to this information simply by asking the person to provide it through fraudulent means.
The PayPal scam is just the latest in a long line of sophisticated attempts to steal personal information through online means, Amazon, eBay, Dell Computer, and many others have been the brunt of many such scams in recent years.
Identity theft is what’s known as a knowledge crime, which means that the criminal doesn’t have to break into your house to rob you blind. If you have a bank account and a social security number, you are susceptible to identity theft.
While most people are familiar with identity theft, most business men and women never think about it happening to them, at least on a professional level. Consider this: if a criminal can learn your business checking account number or the number of your company credit card, they can steal far more from your business than if they had simply knocked down the door and carted off your desk.
The Internet aside, most business and personal identity theft is still the result of stolen wallets and dumpster diving. You should guard your business records closely and be very careful what you throw away. Stop and think for a moment what a criminal might find in the dumpster behind your office.
There’s a good chance that dumpster has, at various times, contained scraps of paper with your social security number, driver’s license number, credit card number, old ATM cards, telephone calling cards, and other pieces of vital business information like bank statements, invoices, and purchase orders. A dumpster-diving thief could literally rob your business blind in a matter of hours.
Here are a few ways to protect yourself from business and personal identity theft.
* Never give out your first name, last name, business name, email address, account passwords, credit card numbers, bank account information, PIN number, social security number, or driver’s license number.
* Change your online account passwords every 30 days. Believe it or not, a hacker who steals your personal information can guess your online account passwords in about two minutes. If your Charles Schwab online account password is your birthday or the name of your first born or family pet, count on a hacker cracking that code faster than you can say ‘Bill Gates.’
* Never provide personal information in response to an email or telephone call. Just because someone calls and says they are from Dunn & Bradstreet and need to confirm your business information does not mean they are really from Dunn & Bradstreet.
* Never give your business credit card number over the phone to place an order with someone who has called you unsolicited. If you are interested in what they are selling get their number, check out their company, then call them back to place the order.
If you think that you have become the victim of identity theft or think someone is trying to steal your identity or personal information you should report them immediately to the Federal Trade Commission. You will find more information on their website at https://www.coolwebtips.com For more information on what to do if identity theft happens to you visit https://www.coolwebtips.com if you ever receive an email from PayPal, Amazon, eBay, or any other ecommerce website asking you to update your account information by email you can pretty much bet the farm that it is a scam.
In business, as in life, a little paranoia is a good thing.
Identity theft is becoming a bigger problem as more and more people are making the internet a bigger part of their lives. People who are new to the online medium often fall prey to ‘phishing’ or other internet identity theft schemes. In many cases the ‘phishing party’ uses your credit card to order goods for them selves, in other cases they will apply for credit cards, set up bank accounts, and take advantage of your good credit rating. Correcting these issues involves a lot of time energy and stress, so here are ten tips to help you from becoming a victim of identity theft.
Use a disposable email account. Keep your business or personal email account just for business or personal communication. If you are going to be making purchases online, joining newsgroups, or subscribing to mailing lists and ezines use a disposable email account. There are many online free accounts such as yahoo, hotmail or grail, and most of them can interface with popular email clients like outlook or outlook express. Use one of them for all of your shopping transactions.
Disguise your online identity. If your real name in Mary Smith try to avoid using email accounts with name like firstname.lastname@example.org when dealing with people you don’t know and trust. If you were born in 1972 don’t chose email@example.com as your email account.
Use different level passwords. Use one password for your personal information, use another for your business accounts and a third for your disposable email accounts or mailing lists you sign up for. Don’t use sequential passwords like password1 for personal use password2 for business, and password 3 for disposable accounts.
Use strong passwords. Don’t use your birthdates, year you were married, or your children’s birthdates. Avoid choosing passwords that consist entirely of letters or numbers. Also try to avoid using passwords that are actual words. The best passwords are mnemonic phrases like “my father ate three apples for breakfast”. Take the first letter of each word and convert the number into numbers and you end up with “mfa3a4b”.
Rotate your passwords. You should change your passwords every 6 to 12 months. If you suspect your passwords have been compromised change them as a safety precaution.
Use only one credit card for all of your online purchases. If any of your other credit cards have online transactions you know they are fraudulent. If you see offline purchases for your online credit card you also know they are fraudulent.
Use credit cards instead of debit cards. While many debit cards now offer online purchase protection it’s easier to dispute fraudulent charges than to recover debit card funds that have already been spent.
When you make purchases online make sure your transactions are secure. In the address bar you should see “https” and not “http”. There should also be small lock icon in your browser. If this is your first purchase from the company make sure the issuing company is someone you have heard of like Verisign, or Thawte.
Never open or fill out email requests for you to update you account or credit card settings via email. These are ‘phishing’ scams people use to try and secure your personal information. Many of them are growing increasingly sophisticated and go to great lengths to look exactly like the companies website using their exact logo..
|account, accounts, attacks, business, cards, credit, e-mail, email, information, intrusion, network, number, online, passwords, paypal, people, personal, phishing, prevention, security, sites, solutions, time, web|