|
Phishing attacks are
believed to be involved in a recent spate of reported compromises of major email
provider user accounts.
It seems that the usernames and password of 1000s of accounts have been
published on a community website.
It is thought that these accounts were compromised by a phishing attack where
users have unwittingly handed over their account details to a third party.
Regardless of how this occurred, it's a timely reminder of privacy dangers and
the necessity of good AntiPhishing techniques, especially relating to
EMail.
What is Phishing: A method by which information
is (attempted to be) gained from someone, usually under the guise of a legitimate
request. This information could include credit card info, personal details
etc. (Pronounced Fishing).
Email Phishing is typical and involves an EMail request (which is usually
SPAM) asking for certain details. An example is a
phishing EMail requesting to verify user account details.
Often such an EMail may heighten the urgency by claiming the account has already
been compromised, and people may be less cautious due to panic and haste to
investigate and rectify the situation. This can distract from good
antiphishing techniques.
Anti Phishing: EMail
techniques (good practices):
- Commonsense: Be cautious with personal info.
- Be wary of information requests.
- Check the address (url) of websites.
- Check the validity of sites when providing info.
- Be wary how much personal info is online.
- Use security software with antiphishing.
- Click for more antiphishing email
strategies.
Commonsense is really essential. Good security software can also help by
identify incoming email as SPAM and potentially a phishing attack.
Good security software can also identify 'bad websites' that include known
phishing sites. The software can block access to these phishing sites (and
others), or even just provide a warning.
There are also browser toolbars available that can help with assessing the
safety of websites.
|
