Insider Secrets: Don't get scammed by phishers

by Jessica Dolcourt

Responding to an urgent e-mail about your compromised bank account is tempting, almost involuntary. That's exactly what phishers are counting on when they link you to a false site and pump you for personal details. Learn how to skirt their tricks in this Insider Secrets video, and remind yourself of other ways to avoid suspicious Web sites that might not have your best intentions in mind.

Jessica Dolcourt reviews the latest and greatest smartphone apps, in addition to a healthy dose of Windows software. E-mail Jessica and follow her on Twitter.

Topics:: Security and spyware

Tags:: Quick Tip,; Insider Secrets,; security,; phishers,; howto-security

Share:: Digg; Del.icio.us; Reddit; Facebook

Recent posts from The Download Blog: Multiservice chat and 3D racing: iPhone apps of the week; Seize Seesmic Twitter app on BlackBerry, Android; What's new in Google Earth 5.1? Not much; DJ from your iPhone with TouchDJ; Star Wars Trench Run for iPhone: The Force is strong with this one; Browser security features compared; Touch up your iPhone photos--with cats!; After long wait, Trillian finally comes to iPhone

Add a Comment (Log in or register) (23 Comments)


by jpm.foda February 19, 2008 9:32 PM PST: very interesting, but I bet that you only touched the the tip of a very big iceberg.I would like to see more of what is going on concerning this topic. I find it amazing of all the different ways info.is obtained while unsuspecting folks think they are having minor problems while surfing the net. Thanks.; Like this Reply to this comment


by wjbuntz February 19, 2008 10:07 PM PST: Here are a couple (or more) good pointers. Watch for mispelling and bad syntax in the emails you receive. If the person that sent you the email can't spell or uses language that is awkward then it is probable not legit.

The video mentioned that you should click on a link in your browser. This is very important. DON'T GO TO THE BANK SITE FROM THE LINK IN THE EMAIL. Go to it by typing the address in your address bar of your browser OR click on a link that takes you there. If the email is legit, then the bank will ask you any information that is needed after you login in (but remember that they NEVER ask for account numbers)!

Another good way to fool the phishers is to use a program like RoboForm. RoboForm automates the login process. Login by clicking on link within the RoboForm program. Keyloggers cannot copy any of the login keystrokes because RoboForm logs in by doing all the typing for you. As a result, a keylogger program can only record that you clicked on something but the program can't see what RoboForm types.

Next, there are a number of free programs that can warn when a phishing site is encountered. Some good ones are McAfee's SiteAdvisor, PhishTank and Microsoft Phishing Filter. My personal favorite is PhishTank, but they are all good. SiteAdvisor works in Internet Explorer and Firefox. PhishTank works in Firefox. Microsoft's Phishing Filter, of course, only works in Internet Explorer. In any case, if a link is clicked within the phishing email a warning (usually) pops up to warn that this is a phishing site. (If the phishing site is new, you may not get a warning so don't go to the bank site from the email!)

Last, if the bank site is legit, many of the newer browsers now show a color in the address bar to indicate that a user is at a secure site. Watch for these color changes--where applicable. A bank site is going to use a secure server to protect your information. A phishing site won't.

Finally, one of the reasons I like PhishTank is that I feel like I am fighting back. I can enter the information in the phishing email at PhishTank and as a result can warn other users! Check out this site.

I hope all of this helps...; Like this Reply to this comment


by talalslman February 20, 2008 1:19 AM PST: hiiiiiiiiiiiiiiiii; Like this Reply to this comment

by clearmymail February 20, 2008 2:06 AM PST

We have a good free guide to spotting Phishing emails at:
http://www.clearmymail.com/Phishing

Like this Reply to this comment


by hanovr February 20, 2008 5:52 AM PST: hiiiiiiiiiiiiiiiiiii; Like this


by revhugomes February 20, 2008 7:09 AM PST: verry good; Like this Reply to this comment


by jw1ls5n0129 February 20, 2008 11:59 AM PST: Hello Tom . I listen to you every week and you are on the ball .one thing you did not hit on
in your "PHISHERS" was the fact that not only do the e.mail do the phishing but also, and I know for a fact ,that they do it through "SKYPE" even then it comes by e.mail ,but it has words as " this person would like to share your contacts with them " now notice they do not put any contacts but ,SKYPE tell you in the e.mail that the person has not left any contacts.
Fools rush in Tom ,what do you make of it ? John; Like this Reply to this comment


by will2348 February 20, 2008 12:58 PM PST: One of my email addresses is always getting spammed even though i live in the UK i get people claiming are Bank of America and i have an account with them and all of my details have been lost (yeah right). Another email is one where the links that you have to click on are IP addresses which makes it obvious it is likely to be a scam. One more thing i found this great program McAfee SiteAdvisor you can download it from www.siteadvisor.com and it is only a 30 sec download and basically on the free version every search you make in a search engine will come up with a tick or a cross next to it and when you browsing the web there will be a tick in the top right hand corner of your browser but if you get the paid version it can put a tick or cross next to email links as well and you can view the site in more detail and see what other people have but about it. I think it is a very useful tool. www.siteadvisor.com . Sorry if you see this as spam but i am only trying to help you guys out on a useful program that could save your computer.; Like this Reply to this comment


by kevinheany February 22, 2008 4:40 AM PST: Just when I thought I knew most everything, Tom comes out and schools me on a few I didn't. You da man.; Like this Reply to this comment

by Cip129 February 23, 2008 2:41 AM PST

Thanks for the warning. I had the same situation. They sent me a letter with my Bank Logo. They stated that someone was trying to use my credit card outside the USA.; hence I was directed to a link, when I noticed they were asking me for my SS# , cank account #, password, date of birth, I got suspicious, The Bank already have all these informations therefore. I called the Bank immediately , and the bank agreed with me. I foward the e-mail letter to the Bank investigation unit. As of now, I check my bank accout everyday to make sure no suspicious withdrawal.are taken place.
Thank for the tip.
Cip.

Like this Reply to this comment


by ralfking37 March 8, 2008 10:50 AM PST: Cip129 same here and when I informed the Bank, I got no response until the third time, then only a formletter; Like this


by waqasjanan February 23, 2008 2:42 AM PST: hi hru bro just tell me what is the use of it
plizzzzzz thanx; Like this Reply to this comment


by leub February 24, 2008 7:41 AM PST: The phishing e-mails I have received are normally easily recognised by the grammer used and the poor spelling.; Like this Reply to this comment

by astancius February 29, 2008 6:16 PM PST

the various e-mails i recieve
start with dear sir / miss:
you have been selected / choosen / won
x gpb that's equal to x dollers.

Like this Reply to this comment


by trayluv March 8, 2008 4:02 PM PST: I received those emails after filling out the survey from Wal-Mart, and I plan to contact them about it.; Like this


by saramon Kharpuri March 7, 2008 8:56 PM PST: i have receive this kind of mail and i have given my bank account No. now help me how to block it; Like this Reply to this comment


by Linda Purnama Sari March 8, 2008 12:46 AM PST: i Really like it; Like this Reply to this comment


by trayluv March 8, 2008 4:00 PM PST: Another phishing scam is the employment sites that send automatic emails that they are astounded by your resume. These are people advertising products or creditors looking for you. One way or the other they want your money.; Like this Reply to this comment


by howiem March 14, 2008 7:08 PM PDT: The video wouldn't play, but I somehow doubt if it mentioned the best protection against phishing and pharming.
1. Call your bank and get the right address (URL)
2. Log in to your account.
3. Once you are logged in, be sure you are on an https web page. Bookmark the page (add to favorites in IE). Name the bookmark something like BankAmerica - SECURE
4. Thereafter ONLY use the bookmark (favorite) to visit your bank(s). The bookmark will redirect your bookmarked page you to the login page of the correct site every time! Do the same thing for every banking and financial institute where you conduct financial transactions.*
*For shopping sites, it usually takes a few more steps before you get to an https web page. The first time I visit a shopping site, I select an item to buy, add it to the cart, and proceed to checkout, and go through all the other steps until I get to an https web page, which I bookmark as the secure access bookmark.

5. There are no exceptions - NEVER click on web site links to access your bank. NEVER click on links in email to access your bank. NEVER click on links in Instant messages to access your bank.
6. Forget about recognizing phishing emails, forget about phishing site recognition quizzes. Forget about loading your PC with tons of anti-phishing software that just slow down your PC (none of them are 100% accurate anyway).
7. If you get an email and you are 100% sure it is from your bank, use the BOOKMARK and visit the site and follow the directions in the email. It might not be as fast as clicking on the link in the email, but it is much, much faster than doing due diligence on the email to be absolutely sure it really came from the bank.
5.
5.; Like this Reply to this comment


by nasheedvilla March 14, 2008 9:31 PM PDT: good; Like this Reply to this comment


by dina agag March 15, 2008 9:43 AM PDT: helloo; Like this Reply to this comment


by will2348 April 12, 2008 11:03 AM PDT: Very interesting and useful. I got an email program called "POP Peeper" it links all my different email accounts into 1 program and before you click on a link even tells you if you click on it where it will take you in the bottom left corner of your screen. Even better McAfee SiteAdvisor either gives the site a "!" "x" "SAFE" and this will also appear next to search engine results but for a few extra quid also give you a tick cross caution next to a link in your email so you know what your in for. Haute Secure is also very good as it is based on what users have said as well as what all the other companies have said.; Like this Reply to this comment


by sudar1992 August 10, 2008 2:39 AM PDT: my yahoo mail is being flooded with phishers. i recieve some 200 messages daily that go to spam.. is it okay simply to delete the messages?..how do I block these messages from getting into my inbox....some one plzzzz help; Like this Reply to this comment