Wednesday, February 17, 2010

Phishing alert: CUA - Personal Information Not Updated for 6 Months

I've noticed the number of phishing attempts against CUA (Credit Union Australia Limited) has increased significantly recently. A phishing attempt aims to trick you into revealing your details, such as your bank account or internet banking login details.

The problem for many people is that phishing attempts often use very good psychological tricks (an account about to be locked, information "not updated for 6 months") to make people act when they shouldn't. The link in a phishing email does not go where it appears to go. Often I've found there will be legitimate links to make the email look genuine, and hidden amongst the legitimate links is the fake one, ready to trap the unwary.

The screenshot below shows how, in Outlook, I can move my mouse over a link and clearly see the underlying web address. A web address that does not belong to the bank is one of the clues that tells me it is a phishing attack. Many people use free web mail services such as Gmail, and those services often don't make it easy to see the actual web address you will be taken to if you click on a link.



Yesterday a client asked me about an email they had received for the renewal of one of their domains. They asked if the email was legitimate and whether they should pay it. Without looking at the email I said, "it may be legitimate, or it may be fake". Anyone can easily look up the registrar for a domain and issue a fake renewal notice. In fact many people have been tricked in the past into moving their domains to a different registrar and paying increased fees. Whilst tricking people into moving domains is not an appropriate business practice, phishing is much worse: it tricks people out of money and then exposes them to further potential loss.

It is a sad statement, but you really do have to be on your guard on the internet. Using a product like Outlook, rather than a free web mail service, can help reduce your risk because of the additional information it shows you, such as the real destination of a link. But ultimately, most phishing and malware attacks I've seen rely on the user taking action.

Some things I suggest to others are:

1. Have a healthy distrust of emails.
2. Even if you receive an email from someone you know, keep in mind it may not be from them: the sender address is easily forged.
3. Don't click on links in an email. Go to the web site by opening your browser and typing in the site address yourself.
4. Don't forward on those fantastic jokes and free offers that get emailed around. They may contain undesirable links, and you may end up hurting your friends. If you want to pass something on, copy just the part you want (making sure there are no hidden links) and paste it into a new email. There is a reason people send those jokes out, and you should start to think about why they do it.
5. Check whether an email is a hoax before acting on it. A quick search on the internet will usually reveal if something is a hoax.
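As an added example (this is not code from the original post and not part of OzEfilter), the following Python script does for any HTML email what the Outlook mouse-over described earlier does, and also performs the "making sure there are no hidden links" check from point 4: it lists the real destination of every link and flags links whose visible text shows one address while the link goes somewhere else, links that use the "user@host" trick to hide the real host, and links that leave the site the email claims to be from. The sample message, the hostnames in it and the claimed site `cua.com.au` are constructed for the example.

```python
"""Added example: list the real destination of every link in an HTML
e-mail and flag links that do not go where they appear to go.

The sample message below is constructed for this example; its hostnames
(example.net, 203.0.113.5) are assumptions, not real phishing URLs.
"""
import re
from dataclasses import dataclass, field
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something that looks like a hostname or URL inside the visible link text.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


@dataclass
class Finding:
    text: str                 # what the reader sees
    href: str                 # where the link really goes
    host: str                 # hostname parsed from href ('' if none)
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self):
        return bool(self.reasons)


def host_of(url):
    """Hostname of a URL, lower-cased; '' when there is none."""
    return (urlsplit(url).hostname or "").lower()


def is_under(host, parent):
    """True if host is parent itself or a subdomain of it."""
    return host == parent or host.endswith("." + parent)


def analyse(html, claimed_host=None):
    """Return one Finding per link. claimed_host (e.g. 'cua.com.au') is the
    site the e-mail claims to come from; web links that leave it are flagged."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        parts = urlsplit(href)
        dest = host_of(href)
        f = Finding(text, href, dest)
        shown = HOST_RE.search(text)
        if shown:
            # The text shows an address: it must match the real host.
            shown_host = shown.group(1).lower()
            if not (is_under(shown_host, dest) or is_under(dest, shown_host)):
                f.reasons.append(f"text shows {shown_host} but link goes to {dest or href!r}")
        if "@" in parts.netloc:
            # http://bank.example@attacker.example: the real host is after the '@'.
            f.reasons.append("'@' in URL: the name before it is a decoy, not the host")
        if claimed_host and parts.scheme in ("http", "https") and not is_under(dest, claimed_host):
            f.reasons.append(f"destination {dest} is not under {claimed_host}")
        findings.append(f)
    return findings


# Constructed sample message in the style of the alert discussed in the post.
SAMPLE_HTML = """
<p>Dear member, your personal information has not been updated for 6 months.</p>
<p>See <a href="https://www.cua.com.au/">www.cua.com.au</a> for our privacy policy.</p>
<p><a href="http://www.cua.com.au.example.net/login">Click here to update your details</a></p>
<p><a href="http://cua.com.au@203.0.113.5/update">https://www.cua.com.au/update</a></p>
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_HTML, claimed_host="cua.com.au"):
        print(f"[{'SUSPICIOUS' if f.suspicious else 'ok'}] {f.text!r} -> {f.href}")
        for reason in f.reasons:
            print("    -", reason)
```

Run it on the saved HTML source of a message (File > Save As in most mail clients) and read the `SUSPICIOUS` lines before deciding whether to click or forward anything. The first sample link is a genuine-looking decoy that really does go to the bank, the second uses a look-alike hostname with the bank's name as a prefix, and the third shows the bank's address in the text while the `@` sends the browser to an IP address.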

I use OzEfilter, a product I wrote, to delete nearly all unwanted email before it reaches my computer. I also recommend that everyone install an anti-virus program; you can find information about the one I recommend to my clients and friends elsewhere on this blog. With around 80-90% of all email now unwanted, a moment of caution practising safe computing can save you a lot of grief.

Kelvin
