Computer Security - Phishing
Phishing is where an email is out sent to those people who possibly are customers of a bank, credit card or
something similar asking the recepient to go to a web site to verify their account number and PIN Code or password.
However, the email and web site are actually actually used by the scam artist to gather information in order to
defraud the customers. Since phishing is essentially "social engineering" or ways to get you to give them the
information, be careful with your personal information. The actual details of phishing attacks chage frequently,
look for the ways that phishers will try to get your personal information to grow in the coming days. Normally,
phishers use email or fake web sites to start the process, Remember, banks, credit unions and credit card companies
will not normally contact you by email about your account information. Here are a couple of articles describing
phishing in more detail:
PC World article on phishing     
Money Central article on phishing
(NEW - 09-09-2011) A new twist on this is to send out an email with an attachment that is supposedly a report from your financial institution, your credit card company or some other trusted comapny and it asks you to open the attachment to verify the information it contains. However, the attachment either has a trojan horse, a virus or even both. The trojan horse could possibly cause more problems as it could send information from your computer to the senders. This information could be computer information or your financial information
Spear Phishing - New targeted e-mail attacks try to lure you in with specific, convincing messages. These recent
targeted attacks use social engineering to trick people into who are avoiding the wider phishing e-mails. They are
usually directed at employees or members of a smaller group and seem to be coming from some trusted official, such
as the head of the IT Department. A recent attack went exclusively to the faculty and students of a university and
was directed at their credit union while another was directed at a small Israeli company.
How spear phishing works: The spear phisher locates a target company with a detailed online directory, and pulls a
list of e-mail addresses. To furthur the illusion, the phisher picks an important person to serve as the "source"
of the message. (Like a member of the IT Department) The spear phisher writes the e-mail appeal, using as many
company-specific details as possible, and sends it to the target list. ("To:.. From: IT Dept.. Subj: I need your
info now...) An employee falls for the attack and gives up his log-in and password. The break-in! The phisher uses
the collected date to steal company information.
Pharming is a new variation on phishing which redirects you from a valid web site address (or URL) to one controlled by the scammers. Sometimes this is also done by creating a web site name that is so close to the correct one that it is easily mistaken or that has some extra characters that are hidden making the name appear to be correct when it is not. This is especially effective when adding a link to an email. For example, I received an email today saying it was from a Google blogging site and but the actual seb site was in Korea. Be extra careful of web links in emails.
One last thought, if you are in doubt about a web site listed in an email, go directly to that company's web site or call that company by telephone. If you don't know what the company web site is, search for it in a known search engine such as Google or Yahoo.