E-mail Free from Phishing
Phish•ing
noun
Malicious or misleading e-mails sent with the intent to harvest personal information including passwords, credit cards, personal details.
verb
The act of soliciting or encouraging people to divulge personal information to be sold or used to gain unauthorized access to online systems with the purpose of committing a crime (theft, fraud, etc.). Click for Wikipedia Phishing page.
The Phishing Threat
Evidence shows that there is a thriving black market for personal information. Almost anything that can be stolen can be sold to somebody. This includes:
- User names and passwords for web sites
- Bank account information including account numbers, passwords
- Credit cards
- Social Security numbers
- Personal information (used for identity theft)
How is this information stolen? By crafting e-mails that look like they came from a trusted site (your bank, a popular website, etc.) that lead you to divulge personal information.
Phishing is a major crime. Estimates are that losses due to Phishing attacks cost the United States alone more than $1Billion/year.
Typical Phishing Strategies
Phishing attacks can be categorized by the type of information they attempt to harvest:
Personal Information is acquired by e-mails offering low interest loans with no credit checks, unsolicited job offers, etc. Upon success, the scammer has your personal details which can be used to commit identity theft.
Account Information is harvested using e-mails that ask you to verify your creditentials, change your password, update your account, re-activate your account or log in to get a private message. The successful attacker acquires your credentials and can access a web site as you, move money from your bank account or spam people using popular online e-mail services.
Taking Over Your Computer. Phishing attacks can start by tricking you to download malware onto your computer (by forging web links to popular sites). Once malware is installed on your computer, the computer can be scanned for personal information (e.g.: account passwords and links stored in web browsers) which is then stolen. Malware can also redirect your browser to phishing web sites that masquerade as legitimate sites to steal your information.
Can I Protect Myself From Phishing?
Yes... within limits. We've all seen poorly crafted e-mails that are obviously bogus. Messages like:
- Claim your inheritence
- Collect your compensation
- Get a loan at 3% - no Credit Checks
- Get paid for using your computer
These are easy to spot and ignore.
Not so easy to spot are high quality, sophisticated phishing attacks that spoof trusted web properties. Technically savvy criminals send out e-mails that look like (and often include elements of) legitimate e-mails from banks, PayPal, eBay, Facebook and other online properties.
How do you protect yourself from high quality forged e-mail? One way is to inspect the message thoroughly. Here are some tips:
- If the message sounds too good to be true, or it makes you feel uncomfortable, it is probably malicious
- Is e-mail the only method of contacting the sender? Legitimate sites often have inbound call centers where you can phone in
- Look at the message. Do they know who you are? Do they use your name in the message? Or, is the message generic without any sign that the sender knows you
- Look at the sender... do you recognize them? If it claims to come from a bank, does the sender's domain name match the banks domain name?
- Look at the recipient. Is it addressed directly to you or is there a long list of recipients from completely unrelated domains? Is the message sent to Undisclosed Recipients or to someone other than you?
- What is the message asking you to do. Most legitimate web properties will never send an e-mail asking you to 'verify' your account or divulge your password
- Look at the hyperlinks in the message. Do they contain domain names for domains other than the sender's domain? You may have to look carefully to see the actual web link. A good strategy is to place the mouse over a link and let your e-mail client show you the actual link (as opposed to the text link in the message). A good rule of thumb is that if the actual link and the text link differ - it is malicious
- Look at the images in the message. Do image links point back to the sender's domain or to some other web site?
- Turn on and use the Safe Browsing feature in your web browser. This feature will block you from visiting known web site forgeries
The problem is, not everyone has the time or is technically sophisticated enough to correctly detect and avoid phising messages with a 99+% accuracy. Even if you are, it takes time to conduct these reasonableness tests on each message. It is better to rely on a quality spam filter to do the job for you.
How Does PerfectMail Protect Me from Phishing?
The best protection against Phishing is to have your spam filter eliminate phishing e-mails as soon as they are received. If phishing messages never make it into your in-basket, then you can't be tricked.
Here are just some of the things that PerfectMail does to keep you protected:
- All regular antispam tests are conducted. If it looks like spam and acts like spam, it is probably spam
- PerfectMail pays special attention to e-mail messages that purports to come from a major web property or financial institution. In such cases, the sender, sending server and all included links must originate from the sender's domain name
- All web links are checked in multiple ways. PerfectMail looks to see that web links point back to the sender's domain, are not spoofed, do not redirect to 3rd party sites, etc.
- The final web page is checked to see if it is a login screen
- We use Google Safe Browsing databases to identify and block messages with links to known unsafe sites
- We check to see if the sending server is authorized to send on behalf of the sender's domain
- The sender's e-mail address domain name must match the domain names in web links in the message
- The sender does not include web links to 3rd party domains in the message
The result? PerfectMail keeps you and your team safe from the risks and costs of phishing e-mails. It correctly blocks these threats while ensuring that legitimate messages from popular web properties and financial institutations are handled correctly.
Phishing is a very real threat - thousands of people each year are victimized by phishing. With the right approach and the right tools, this doesn't have to include you.
-- Larry Karnis
Last modified: 2024-04-05, 12:54
© 1999-2013 PerfectMail
Comments
No comments yet.