Sunday, December 14, 2008

How Secure is Your Information?: Activity II Personal Essay

In the article, “Social Phishing,” Tom N. Jagatic, Nathaniel A. Johnson, Markus Jakobsson, and Filippo Menczer present an experimental study performed at Indiana University (IU). In this study, the authors launched a phishing attack on 581 IU students aged 18 to 24 years old. Each target was selected based upon the amount and quality of publicly accessible information they had disclosed about themselves. An email was sent with a link directing the recipients to a phishing site in which they were prompted to enter secure university credentials. A large number of students were deceived by this fraudulent website and authenticated their private information multiple times. Although scam artists are becoming increasingly sophisticated in their methods, many phishing attacks can be easily identified and prevented. In this essay I will explain how to prevent a phishing attack and how better to secure personal information.

So just what is phishing? The authors of the article, “Social Phishing,” define phishing as a form of deception in which an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy entity. Examples include emails that appear to come from your bank requesting verification of your personal information, or emails from friends recommending that you “check out this really cool new website!”

How do phishers acquire your personal information? Social networking sites are the most common resources for scam artists, and in the IU experiment most personal information was garnered from venues such as Myspace and Facebook. Interestingly enough, when participants discovered that the perpetrators had acquired their information from these public websites they were outraged. Some believed that the contact information displayed on their profiles was only accessible to their friends or contacts. Still others believed that their information was protected under the terms of service, and felt that their information was accessed illegally. Unfortunately, there is no such protection under terms of service agreements, and any information displayed on a public website is open to anyone who cares to search for it.

Some fraudulent companies collect consumer information, such as bidding history and shopping preferences, from sites like eBay and Amazon. They can track your spending habits via your browsing history and send emails to you under the auspices of a rewards program you may actually be enrolled in.

What measures can you take to avoid falling for one of these elaborate schemes, and what safeguards can you put in place to protect your personal information? Firstly, never follow a link from an email. All participants in the Indiana University study were phished through bogus links sent via email. Each link led to a page where the subjects had to “verify” sensitive information and input their university credentials. If a link is included in an email, copy and paste it into the address bar.

The best way to verify the legitimacy of a website is to check the URL. The old adage, “Don’t believe everything you see,” remains true. Also, many scammers operate in a second language, so check the email for basic grammatical and spelling errors. Remember, banks will NEVER ask for your information via email. If you receive an email from your “bank” requesting it, DO NOT, I repeat DO NOT do it. Read my lips, “It is a SCAM!”

Another tip is to avoid clicking on icons and advertisements on web pages. While some advertising is legitimate, many icons can lead to a page that asks you for your personal information. If an advertisement does catch your eye, try going directly to the company website rather than following the advertisement.

For more secure browsing, many experts recommend using the Mozilla Firefox web browser. Firefox has various security features such as the Instant Web Site ID, which can verify the legitimacy of a website with a click of a button. Firefox also has anti-phishing and anti-malware software. Firefox receives updates of web forgery sites 48 times a day, so if a link leads you to a fraudulent site, a browser message will stop you, stating that the site you have accessed is a fraudulent website. Firefox will also display a full-size browser warning message if you accidentally access an attack site.

You can also customize your security settings to clear your browsing history and cookies after each session to ensure that your private data is protected.
A word of caution about Firefox: any stored passwords can be accessed from your computer or a remote browser. You can secure these passwords by setting up a master password, which protects your saved password information; however, be sure to remember your master password, because if you forget it, any information protected by it will be inaccessible.

Ultimately, common sense and observation are the best safeguards against phishing attacks. Pay attention to email content, avoid directly following links you may receive from emails, and be skeptical of unfamiliar sources. A quick glance at the address bar can verify that you are indeed on the correct website and can save you a lot of headache and worry. Periodically delete cookies from your computer and take precautions in securing password information. Finally, install antivirus software on your computer and use a secure internet browser. These are very simple steps everyone can take to ensure that their personal information is protected.
