Fishing for Phishers

This blog entry discusses getting a phishing scam e-mail, and then some further logistics behind what might stop these from happening (and how to avoid getting scammed yourself). It was also linked to up on Slashdot.

Generally speaking though, we can't totally stop getting these things. We can reduce it, sure, but we can't totally stop it. So that means we have to learn how to deal with them once we have them.
Generally speaking, the best thing is to raise your level of paranoia a bit and don't trust any e-mail that you get. If you know how to look at the headers in your mail program - do that and see if it looks like it is coming from the right place.
Even then, that is just going to confuse most people.

So for these sorts of things, the best idea is to just not click on any links that you see in your e-mail. If your bank supposedly sends you something that requires you to go to their website, don't click on the link.
Instead open up a web browser and go to the URL that you know goes to your bank (ignore the one in the e-mail). Then look around on what you know is your bank site and see if they are saying the same thing there (that they need additional info from you).
It is extremely rare that they ever do, so be highly suspicious of these e-mails asking for additional info.

If all else fails, call the bank to confirm before you do it. But then again, make sure you aren't getting the phone numbers from the e-mail, but instead from the website that you are sure is actually your bank.

Much of this should be common sense, but it only takes those few that are perhaps new to the net and don't quite see all of this yet, and the phishers can make money.

Posted by Eric at November 7, 2004 03:46 PM | TrackBack