My Personal Finance Journey

Personal finance observation, musing and decisions in a journey toward financial independence by 2020 with at least $3 million.


By Topics

Overall:
0. About (10)
1. My Progress (139)
2. Car & Home (107)
3. Credit (138)
4. Banking (33)
5. Saving (49)
6. Investing (308)
7. Taxes (89)
8. Spending (74)
9. Misc (97)
A. Archive (49)



MONTHLY ARCHIVE

Feb 2014 (3)
Jan 2014 (6)
Jan 2012 (1)
Apr 2011 (1)
Mar 2011 (1)
Feb 2011 (1)
Jan 2011 (1)
Dec 2010 (1)
Oct 2010 (1)
Sep 2010 (1)
Aug 2010 (1)
Jul 2010 (1)
Jun 2010 (1)
May 2010 (1)
Apr 2010 (1)
Mar 2010 (6)
Feb 2010 (2)
Jan 2010 (7)
Dec 2009 (3)
Feb 2009 (4)
Jan 2009 (8)
Dec 2008 (1)
Jun 2008 (2)
May 2008 (2)
Apr 2008 (5)
Feb 2008 (3)
Jan 2008 (15)
Dec 2007 (32)
Nov 2007 (6)
Oct 2007 (8)
Sep 2007 (9)
Aug 2007 (24)
Jul 2007 (2)
Jun 2007 (1)
May 2007 (3)
Apr 2007 (4)
Mar 2007 (4)
Feb 2007 (13)
Jan 2007 (6)
Dec 2006 (3)
Nov 2006 (7)
Oct 2006 (7)
Sep 2006 (6)
Aug 2006 (4)
Jul 2006 (10)
Jun 2006 (1)
May 2006 (3)
Apr 2006 (2)
Mar 2006 (6)
Feb 2006 (6)
Jan 2006 (3)
Dec 2005 (1)
Nov 2005 (9)
Oct 2005 (8)
Sep 2005 (13)
Aug 2005 (25)
Jul 2005 (16)
Jun 2005 (17)
May 2005 (19)
Apr 2005 (20)
Mar 2005 (24)
Feb 2005 (23)
Jan 2005 (36)
Dec 2004 (40)
Nov 2004 (34)
Oct 2004 (17)
Sep 2004 (21)
Aug 2004 (59)
Jul 2004 (37)
Jun 2004 (31)
May 2004 (29)
Apr 2004 (52)
Mar 2004 (49)
Feb 2004 (49)
Jan 2004 (31)
Dec 2003 (48)
Nov 2003 (52)
Oct 2003 (29)
Sep 2003 (8)
Aug 2003 (5)
Jul 2003 (2)
Jun 2003 (2)
May 2003 (5)
Apr 2003 (2)
Mar 2003 (2)
Feb 2003 (3)
Jan 2003 (29)



 

Phishing Is Becoming Epidemic

Contributed by mm | August 10, 2004 11:09 PM PST

On month ago, I didn't even know "phishing" is a word; Merriam-Webster Online doesn't think it is a word either and proves I was not too ignorant. Nevertheless, we'd better know its existence now so that we can avoid becoming the next victim.

In short, phishing attacks are fake emails that appear to be from well-known companies (mostly financial institutions), ask you to go to a web site to perform certain tasks, and in the process, gain access of your confidential information like password/pin, credit card validation (CCV) code, credit card number, social security number and/or bank account number.

A typical phishing mail reads like this:

--------------------------------------

Dear Citibank Customer,

We recently noticed one or more attempts to log in to your Citibank
account from a foreign IP address and we have reasons to believe that
there was attempts to compromise it with brute forcing your PIN number.
No successful login was detected and you have full protection by now.
If you recently accessed your account while travelling, the unusual login
attempts may have been initiated by you.

The login attempt was made from:
IP address: 173.29.197.24
ISP Host: cache-0082.proxyserver.cis.com

By now, we used many techniques to verify the accuracy of the
information our users provide us when they register on the Site.
However, because user verification on the Internet is difficult, Citibank
cannot and does not confirm each user's purported identity. Thus, we
have established an offline verification system to help you evaluate with
whom you are dealing with. The system is called CitiSafe and it's
the most secure Citibank wallet so far.

If you are the rightful holder of the account, click the link bellow, fill
the form and then submit as we will verify your identity and register you
to CitiSafe free of charge. This way you are fully protected from fraudulent
activity on all the accounts that you have with us.

Click to protect yourself from fraudulent activity!

To make Citibank.com the most secure site, every user will be
registered to CitiSafe.

NOTE! If you choose to ignore our request, you leave us no choice but to
temporally suspend your account.

* Please do not respond to this e-mail, as your reply will not be received.

Regards, Citibank Customer Support
--------------------------------------

Pretty convincing, eh? If you click the link, you will be redirected to a perfect replica of the Citibank online banking site, and unsuspecting consumers can easily surrender account login and password.

More phishing mail examples can be found at the website of Anti-Phishing Working Group (APWG).

According to CardWeb, there are more than 1,000 phishing attacks in the month of June. These scammers reportedly succeed to persuade up to 5% recipients to respond to such emails.

So much for the information I have read, some of my personal notes on phishing:

- If an email looks like to be from Citibank, it does not mean it IS from Citibank. In the email world, anyone can fake up the sender information thanks to some shortcomings in the email protocols people invented in the early stage of the Internet. If you are not sure, always call the company to verify. Most of the time, simply ignoring the mail can do less harm than following the instructions in the mail.

- I had become victim of phishing attack once, almost. The mail appeared to come from PayPal and asks me to sign in to verify my identity due to some recent "suspicious activities." I followed the link and signed in, but I took a second look in five minutes and noticed the URL I went to does not belong to PayPal. I immediately went to the real PayPal site and changed my password.

- You might notice very few phishing mails are attacking Discover customers. Not coincidentally, the official online site of Discover Card is https://www.novusnet.com/, which does not appear to have any association with Discover. (Rest assured, I am not phishing you.) I cannot say if this is a good strategy for Discover or not; I will be a little bit confused if the real Discover asks me to go to novusnet.com for online banking.

- Many big names like Microsoft, RSA, Experian and Verisign are standing behind APWG, but I doubt we can turn off phishing attacks exclusively via technology. By the end of the day, you are the best and last defense for your identity in this online world.

This Post Has Received 1 Comment. Share Your Opinions Too.


Jay Ward Commented on August 11, 2004

Just last night I got hit by a fairly convincing 'phishing' attack that might have actually caught a few people had the false link actually been active. I put up a short description and analysis of the email as well as a followup on what Gmail is doing about these attacks on my blog (linked).

An informal poll of my friends shows that several of them received this exact email message, although it originated from a different source. This is my first non-ebay phish, which seems to imply that I am somewhat luckier than the rest of my friends/colleagues. At least when it comes to getting stray phish in my tank.

Jay Ward


Add Your Comments










Remember personal information?




(It will take a few moments for your comment to be published. Please do not close the window until then.)


Read More ... 138 Posts In The Same Category










This page was last rebuilt at February 09, 2014 08:28 AM PST. (736 Words)
 

RSS FEED





PERSONAL FINANCE BLOGS I READ

Consumerism Commentary
Get Rich Slowly
My Money Blog
All Financial Matters
The Simple Dollar






.



Copyright 2003-2014, PFBlog.com. All Rights Reserved. (Privacy Policy)