A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Phishing

Using fake Web sites to trick you into giving away personal information

"Phishing" or "Web spoofing" attacks use fraudulent Web sites to trick you into giving away confidential personal information such as credit card numbers, account usernames and passwords, and social security numbers. This is called "phishing" because attackers are "fishing" for your personal information and trying to lure you into providing it.

A phishing attempt usually starts with an email urging you to click on a Web link in order to check something about your bank account or another on-line account. These emails often appear to be from popular online institutions such as eBay, AOL, PayPal, or MSN. When you click on the link you go to a page where you are asked for information. The page appears genuine, but is in fact counterfeit. Phishers may then use the personal information you give on the page to steal your identity or your money.

Protective Measures

Practices

  • Use common sense when giving out personal information: Be careful when entering personal information in Web forms. Your bank is not going to lose your credit card or account information and ask you by email to enter it online. Don't respond to such requests. If you want to make sure, call the institution using the phone number printed on your card or statement, not a number given in the email.

  • For sites requiring personal information, type in the Web link yourself: Instead of clicking on a Web link in an email, type the known address of the Web site in the browser's Address line yourself. A link in an email can display one address and lead to another; typing the address yourself removes that trick (it does not help if your computer's name lookup has been tampered with, which the hosts-file item below addresses).

  • Use secure Web sites for sharing personal information: If you're at a site where you're being asked for credit card or other sensitive information, make sure the connection to the Web site is encrypted. First check the beginning of the address in your browser's address bar; it should be "https://" rather than just "http://". If it's not, anything you type is sent unencrypted, and the site has not proved its identity to your browser.

    A page can imitate the address bar (for example with a picture of one showing "https://"), so also check for the browser's own lock icon; in Internet Explorer it appears at the right-hand end of the address bar. If there is none, the connection is not secure. Since a page can imitate the icon as well, click on the lock icon and read the certificate details that appear. Confirm that the name on the digital certificate matches the site you think you are visiting, character for character. Keep in mind that a certificate only proves that you are talking to the site it names, not that the site is honest; a phisher can obtain a certificate for a look-alike name that differs from the real one by a letter. Taking these steps lowers your chances of being scammed.

  • Check your bank and credit card statements for purchases that you did not make: Regularly check your bank, credit and debit card statements to make sure that all transactions are legitimate. It is important to know what you did and did not buy so that you are better prepared to answer questions if somebody steals and uses your financial information.

  • Check your hosts file occasionally: Normally, your computer translates a Web address or "host name" like www.google.com into a corresponding Internet Protocol (IP) address by asking the Domain Name System (DNS). The Internet then uses the IP address, not the host name, to find the desired site. Before asking DNS, your computer consults a local file named "hosts" which lists host names with fixed IP addresses. An entry in this file overrides the normal DNS lookup, so if a phisher can write to it, he can send you to a fraudulent Web site even when you type your bank's address correctly.

    The "hosts" file is located in your "windows\system32\drivers\etc" or "winnt\system32\drivers\etc" directory (it has no file extension); you can also find it on Windows by going to Start > Search > For Files or Folders. It normally has only one or two entries at the bottom for localhost (127.0.0.1 localhost and, on newer versions of Windows, ::1 localhost); on recent versions these lines may themselves be commented out. If you see any other entry, especially one with a host name you commonly use such as your bank's, it was probably put there by a phisher or by malware, and you should delete it (some ad-blocking tools also add entries, so check where an unfamiliar line came from before deleting). Any line starting with a "#" is a comment and harmless.

  • Check emails for fake Web links: If you receive an email that asks for personal or financial information, check the source code of the message for misleading links; hovering over a link usually shows its real destination in the status bar as well. Once you have viewed the source, scroll until you find the link you want to check. If the link has something similar to "http://scgi.ebay.com@64.68.92.168:3879", where "scgi.ebay.com" is the name of the legitimate site, then the Web site is a fake. Everything between "http://" and the "@" is treated as a user name, which the destination server simply ignores; the part after the "@" is the real destination, here the IP address 64.68.92.168 on port 3879. Current browsers reject or warn about such links, but email programs and older browsers may not. Also be suspicious of links whose visible text shows one address while the underlying "href" points to another, and of links that lead to a bare IP address rather than a domain name.

  • Minimize your use of untrusted hotspots: This is especially true when you cannot be certain who else has access to them.

  • Disable the automatic connection capability of your Wi-Fi software: Configure your Wi-Fi software so that it will not automatically connect to any available wireless network. This keeps you from automatically connecting to an illegitimate WiPhishing access point while searching for or using a wireless connection. It also keeps you from connecting to a WiPhishing access point while you are using a wired network connection and not paying attention to your wireless connections.
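The hosts-file inspection and the email link inspection described in the items above, as an added Python example; this code is not part of the original page. It reads a hosts file the way the resolver does and reports every entry other than the loopback localhost lines, and it pulls the links out of an HTML email and reports the "user@host" trick, links to bare IP addresses, and links whose visible text names a different host than the real destination. The hosts file contents and the email are constructed samples: the 203.0.113.x addresses and the .example names are documentation values, and the first email link reuses the address quoted in the item above.

```python
"""Added example: automate two of the checks in the list above.

  hosts_overrides(text)  -> hosts-file entries that redirect a name
  link_findings(html)    -> deceptive links in an HTML email

All input at the bottom is constructed sample data, not real sites.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


def hosts_overrides(text):
    """Return (ip, name) pairs other than the loopback -> localhost entries.

    '#' starts a comment, whole-line or trailing. A clean Windows hosts file
    needs only '127.0.0.1 localhost' and '::1 localhost'; anything else
    redirects a name to an address of someone's choosing and deserves a look.
    (Ad-blocking tools are a benign source of extra lines; review, then delete.)
    """
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = False          # not even a valid address: report it
        for name in names:
            if loopback and name.lower() == "localhost":
                continue
            found.append((ip, name))
    return found


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Something at the start of the link text that looks like a host name,
# e.g. "www.paypal.com" or "https://www.paypal.com/".
_HOST_IN_TEXT = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})", re.I)


def link_findings(html):
    """Return (href, code, detail) triples for links that look deceptive."""
    parser = _Links()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        u = urlsplit(href)
        host = (u.hostname or "").lower()
        if u.username is not None:
            # Everything before '@' is a user name the server ignores;
            # the browser actually connects to u.hostname on u.port.
            findings.append((href, "USERINFO",
                             "connects to %s port %s, not %s" % (host, u.port, u.username)))
        try:
            ipaddress.ip_address(host)
            findings.append((href, "BARE_IP", "destination is a raw IP address"))
        except ValueError:
            pass                      # a domain name, as expected
        m = _HOST_IN_TEXT.match(text)
        if m and m.group(1).lower() != host:
            findings.append((href, "TEXT_MISMATCH",
                             "text shows %s but link goes to %s" % (m.group(1), host)))
    return findings


SAMPLE_HOSTS = """\
# Constructed sample of a tampered Windows hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.9     www.mybank.example    # added by an attacker
203.0.113.9     mybank.example
"""

SAMPLE_EMAIL = """\
<p>Dear member, please <a href="http://scgi.ebay.com@64.68.92.168:3879/verify">
confirm your account</a> within 24 hours.</p>
<p>Or sign in at <a href="http://203.0.113.5/login">https://www.paypal.com/</a></p>
<p>Help: <a href="https://www.example.com/help">www.example.com/help</a></p>
"""

if __name__ == "__main__":
    for entry in hosts_overrides(SAMPLE_HOSTS):
        print("hosts override: %s -> %s" % entry)
    for href, code, detail in link_findings(SAMPLE_EMAIL):
        print("%-13s %s (%s)" % (code, href, detail))
```

Run it as a script to print the findings for the two samples, or pass the text of your own hosts file to hosts_overrides() and a saved message source to link_findings(). Treat the output as a list of things to look at rather than a verdict: ad-blocking tools legitimately add hosts entries, and some newsletters legitimately route links through a tracking host that differs from the text.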

Settings

  • Protect your "hosts" file from being written to: If a phisher can write to a file on your hard drive called "hosts", he can use it to link you to fraudulent Web sites. To protect your hosts file:

    1. Go to the "windows\system32\drivers\etc" or "winnt\system32\drivers\etc" directory to find the file.
    2. Right-click on the file, and choose Properties.
    3. Check the Read-only box at the bottom of the General tab window.

    Note that the Read-only attribute only stops careless or unprivileged writes; anything running with administrator rights, including malware, can clear it again. On Windows Vista and later the directory already requires administrator rights to change, so the more effective protection is to use a standard (non-administrator) account for everyday work.

Tools

  • Anti-phishing: None of these tools is a foolproof way to avoid phishing, but they can help. If you decide to use them, don't be lulled into a false sense of security. Continue to use common-sense and caution in giving out personal information online.

    • Automatic notification of known spoofed Web sites: There is software available that can notify you when you are being directed to a Web site known to be fraudulent. These products continually update a list of known fraudulent Web sites and let your browser check addresses against it. Of course, many phishers constantly change the sites they use to get around this software and escape detection, so a site that is not on the list is not necessarily safe. One product of this kind is Microsoft's Phishing Filter; current browsers build in the same kind of check (Microsoft's SmartScreen and Google's Safe Browsing).

    • Automatic notification of possible spoofed Web sites: Some software tries to detect phishing by looking for characteristics of previously detected attacks and guessing whether a given site is likely to be fraudulent. One free product that does this is SpoofGuard.

    • Automatic display of domain name: Other software fights phishing by displaying information such as the real (as opposed to the spoofed) domain name of any Web site you visit. One free product of this kind is SpoofStick.

Connect Safely from Different Places

Office

Your best defense against phishing attacks is using common sense, although some technological solutions are being worked on, and some software tools are mentioned above. You are just as likely to receive phishing emails at work as at home, and there is no significant difference between the measures you should use in either location.

On the road

An Internet attack called "WiPhishing" targets people who surf the Web using wireless Internet access at "hot spots," such as those offered in many coffee shops, hotels, airports and libraries. A WiPhishing attacker creates a phony wireless access point (also called an "evil twin") that looks the same to your laptop as a legitimate access point, often by broadcasting the same network name. Once you have connected to the attacker's system, or been connected without your knowledge, he sits between you and the Internet and can present fake login screens that may trick you into providing sensitive information.

Legal Issues

Operating a fake Web site to collect personal information, which is what a phishing Web server does, is a crime in the US. In response to the growing threat, the Federal Bureau of Investigation has partnered with the National White Collar Crime Center to create the Internet Crime Complaint Center. If you have been a victim of a phishing scam, save anything related to your complaint (emails, credit card bills, bank statements, etc.), and report the incident on their Web site. They refer all complaints to the proper law enforcement agencies, who may then choose to investigate the case.

The FBI does not guarantee that all complaints will be investigated, so also file a police report, and report the incident to the Federal Trade Commission and the Anti-Phishing Working Group.

Privacy Issues

If you have provided personal information, such as a username or password, to a fraudulent Web site, go to the genuine site (by typing its address yourself) or call the organization and change your password immediately so that others cannot use it; assume it was captured the moment you typed it, even if you closed the page without finishing. Change it everywhere else you used the same password as well. If you gave a credit card or account number, call the issuer to have the card or account replaced. Check your credit report, credit cards and bank statements, and report any unusual activity.
