Phishers and pharmers use fake Web sites to con information out of unsuspecting surfers. Fortunately there are ways to decrease your chances of becoming a victim.
Phishers are online con artists. They use social engineering techniques to lure surfers to fake Web sites, where they trick them into divulging sensitive information.
In a common scenario, phishers spam a huge group of random people. Their emails appear to come from a legitimate company and contain an urgent message. The message often includes a link to a Web site. The Web site, which also appears legitimate, asks you to provide personal information. These sites often display company logos and other recognizable traits, and their addresses may even appear correct. However, they’re imposters, and they’re after one thing: your information.
Pharmers, meanwhile, take a more direct approach. They simply hijack Web addresses and reroute unsuspecting surfers to imposter sites. To do so, they either “poison” the Internet’s system for associating Web sites with addresses, or they use a Trojan horse to send you to the fake site. In either case, the address you’re sent to appears correct, the Web site looks real, but any information you provide could end up in the wrong hands.
So, how do you know the Web site you’re visiting is actually the site you think it is? Well, there are a number of things you can do to be more certain.
Always ask yourself how you arrived at a Web site. If you typed in the address yourself, it’s more likely the site is legitimate. However, if you followed a link from within an email message, there’s a greater chance the site is fake. And if the email was unsolicited or contains an unusual sense of urgency, don’t click any links. Delete the email and contact the company or organization over the phone to verify their request for information.
While some fake sites are able to impersonate the site’s URL, not all of them are that sophisticated. Some imposters try to spoof the site by using an alternative spelling or a different domain extension—like .edu or .biz rather than .com. Others may use a completely unrelated Web address, hoping people simply won’t notice.
So, take a close look at the address of any Web site requesting information. If the domain name doesn’t match the name of the organization, if it’s spelled strangely, or if the address begins with a string of numbers, you may be looking at a fake.
There are two reasons you should use secure sites to send information over the Web. First, they use encryption techniques to scramble the information you send back and forth. Second, they verify the Web site’s ownership through a certification process, and that’s the most reliable way to find out whether the site is legitimate.
To make sure a site is secure, check for a locked icon in your browser’s status bar and for a URL beginning with https rather than http. Unfortunately, certificates can also be faked, so, once you’re on a secure site, make sure its certificate is legitimate.
When you arrive at the secure site, your browser will automatically check the site’s certificate. If there are irregularities with the certificate, some browsers will immediately alert you to the problem. If your browser doesn’t display an alert, you can usually click the locked icon to launch a window containing certificate information. Or, you may have to look in your browser’s security menu to view the certificate. Regardless, once you’ve accessed the data, review these three things:
• The name of the authority that issued the certificate. If it’s not a name you recognize (like Verisign or Entrust), do some research to verify the authority is trusted.
• The name of the certificate owner. If the owner of the certificate isn’t who you expect (i.e., the name on the company’s Web site), don’t use the site to send information.
• The expiration date. If the certificate has expired or if it has an unusually long expiration date (most are just one or two years), don’t trust the site.
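The same three checks can be written down as a short Python script. This is an added example, not part of the original article: it assumes a certificate already loaded in the dictionary layout that Python's ssl.SSLSocket.getpeercert() returns, and the trusted-issuer list, the two-year limit and the sample certificates are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Assumption: issuers the reader has already researched and chosen to trust.
TRUSTED_ISSUERS = {"verisign, inc.", "entrust, inc."}
# Assumption: "unusually long" = more than the two years the article mentions.
MAX_VALIDITY_DAYS = 2 * 366

def _org(name):
    """Return organizationName from getpeercert()'s nested name tuples."""
    for rdn in name:
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def _when(text):
    """Parse a certificate date such as 'Jan  1 00:00:00 2006 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def review_certificate(cert, expected_owner, now):
    """Apply the three checks; an empty list means none of them fired."""
    warnings = []
    issuer = _org(cert.get("issuer", ()))
    if issuer is None or issuer.lower() not in TRUSTED_ISSUERS:
        warnings.append(f"issuer: {issuer!r} is not a recognized authority")
    owner = _org(cert.get("subject", ()))
    if owner is None or owner.lower() != expected_owner.lower():
        warnings.append(f"owner: {owner!r} is not {expected_owner!r}")
    start, end = _when(cert["notBefore"]), _when(cert["notAfter"])
    if now > end:
        warnings.append(f"expired: certificate ended {end:%Y-%m-%d}")
    elif (end - start).days > MAX_VALIDITY_DAYS:
        warnings.append(f"validity: {(end - start).days} days is unusually long")
    return warnings

def make_cert(issuer, owner, not_before, not_after):
    """Build a constructed sample in the getpeercert() layout."""
    return {"issuer": ((("organizationName", issuer),),),
            "subject": ((("organizationName", owner),),),
            "notBefore": not_before, "notAfter": not_after}

# Constructed sample data, not real certificates.
NOW = datetime(2006, 6, 1, tzinfo=timezone.utc)
GENUINE = make_cert("VeriSign, Inc.", "Example Bank", "Jan  1 00:00:00 2006 GMT", "Jan  1 00:00:00 2007 GMT")
IMPOSTER = make_cert("Quick Certs", "Examp1e Bank", "Jan  1 00:00:00 2006 GMT", "Jan  1 00:00:00 2016 GMT")

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("imposter", IMPOSTER)):
        print(label, review_certificate(cert, "Example Bank", NOW) or "no warnings")
```

The imposter sample trips all three checks at once: an unfamiliar issuer, an owner name spelled with a digit in place of a letter, and a ten-year validity period.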
Good security software can also help you avoid fake Web site scams. For example, some pharming techniques rely on Trojan horses to hijack unsuspecting users. A time-tested solution like Norton AntiVirus™ 2006 from Symantec automatically blocks and removes Trojan horses before they can do their work. Meanwhile, a spam filter is also an invaluable way to reduce phishing emails. And a top quality product like Norton Internet Security™ 2006 actually recognizes spam that contains known phishing scams and keeps them out of your inbox.
Fake Web sites have become a common tool for online con artists, and if you want to protect your personal information and identity, you need to learn how to ferret out the imposters.