Here’s some very useful informaion from KTD Communications regarding the practice of phishing, an email practice used to gain access to your personal information…r
r
“The latest twist in a long tale of Internet scams is called ‘phishing’ and it’s a technique used in identity theft. r
r
The modern phish hooks are spoofed e-mails from companies asking you to update your account information. These are usually from financial institutions, but eBay, PayPal, and online stores such as Amazon have been spoofed as well.r
r
It used to be easy to tell these apart from legitimate e-mails. They had bad HTML formatting, oddly clipped graphics, and incorrect grammar. Additionally, if you were foolish enough to click the links, the web sites’ URLs were always suspiciously long and filled with odd characters.r
r
Not only are the newer e-mails more sophisticated and difficult to distinguish from legitimate e-mails, but hackers now exploit a bug in Microsoft Explorer which allows them to show you a fake URL in the browser’s address bar. This means you can get an e-mail that looks like it’s from PayPal, which includes a link to a site that looks like PayPal’s site, and the link in the address bar will show http://www.paypal.com. In reality, it’s some hacker’s site and he’s waiting for you to come along and give away all your personal information.r
To see how it works, Secunia, a Danish security firm, has posted a test page. Unfortunately, Microsoft has not released a patch yet for this problem though they do offer some advice. (Check it out for fun ? at one point they actually suggest typing JavaScript into the address bar.) Making matters worse, the incorrect URL appears even when you roll over the link in your browser window, and since Microsoft products like Outlook use Internet Explorer, many common applications are affected. Of course, you could always use another browser.r
r
If you have a little HTML experience, one trick is to right-click the e-mail body and select View, Source. This will open your text editor to show you the actual code and even a neophyte can tell if something phishy is going on. If you’re suspicious, it’s always worth forwarding the message to the real company.r
r
You could avoid clicking any link that seems suspicious, but companies often use e-mail to remind their customers to update expired credit cards, or to pay their bill online. In these cases, you should just type the company’s URL into the browser yourself and access your account information from there.”