 
cvrefugee
Premium
join:2003-09-15
Corona, CA | Hmm... Do you really need it for Firefox? | |
|  | DirtyJ
join:2002-12-06
New Paltz, NY | Re: Hmm... Do you have any idea what Phishing even is? | |
| | |
cvrefugee
Premium
join:2003-09-15
Corona, CA
| Re: Hmm... said by DirtyJ  :Do you have any idea what Phishing even is? An IE exploit? | |
| | | | | | | | | | | | 
Jason Levine
Premium
join:2001-07-13
USA
| Not even close. Phishing is when a scammer tricks a user into entering sensitive information (account usernames/passwords, credit card info, bank account info, ssn, etc) into their site while the user thinks they are at another website (eBay, their bank's site, etc).
Commonly, the phisher will send out an e-mail telling the user that they need to update some account information. The e-mail will include a "helpful" link. This link will go to a page that looks a certain site (e.g. citibank.com) but isn't. Depending on the level of sophistication, the URL might be an IP address, a "look-alike" domain (c1tibank.com), or a domain name faked using an address bar exploit.
The user would click on the URL, fill out and submit the form, and the phisher would then use the submitted information for something nefarious (drain their bank account dry, sell their identity, etc.).
Except for the address bar exploit (which only aids phishing), phishing isn't limited to one browser. You can "get phished" while using IE, FireFox, Opera, whatever.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ | |
| | | | |
cvrefugee
Premium
join:2003-09-15
Corona, CA | Re: Hmm... I knew what it was, but I remember this piece of news. | |
| | | | | | 
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ | Re: Hmm... Actually, what the others are trying to tell you is that this little tool is a good one to help elmiminate a problem and is a good security device. | |
| | | | | 
calvoiper
join:2003-03-31
Belvedere Tiburon, CA
| I have an anti-phishing device.
It's a sign on the wall that says "Don't be stupid and respond to unsolicited requests for information."
It works pretty well for me.
Calvoiper
--
VoIP--the death knell of remaining voice monopolies! | |
| | | | | | 
click_310
Eat my shorts
join:2002-12-06
Savannah, GA
| Re: Hmm... said by calvoiper :I have an anti-phishing device. It's a sign on the wall that says "Don't be stupid and respond to unsolicited requests for information." It works pretty well for me. Calvoiper Please send a copy to my Mother-in-law | |
| | | | | | 
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
1 edit | An intelligent sign to have on the wall.
But phishing works by seeming to be solicited.
Phishing pretty much always involves widely used companies so that there is a high likelyhood that some phishmail recipients will not be surprised to receive the email.
Say you deal with, say, Wells Fargo Bank, and you do banking transactions over the internet.
Say you get an email from Wells Fargo Bank. That email seems to be solicited. The Phisher spoofs the return email address, which as you may know is not hard to do, so that you think the email is from a company you normally get email from.
The second twist is that phishing emails often have perfect business english (unlike most virus emails). They usually have the same phrasing that a bank or ISP or whatever company would use. One tip-off about phishing email is that the phisher usually doesn't know your full name and address or account number. So if the usual personal details are missing, suspect phishing. And always report suspected phishing using the procedures in the FAQ linked at the bottom.
So you click on the link in the email, go to a familiar looking website, and see actual real Wells Fargo graphics all over it.
And that is the third twist. Because web pages are downloaded to browsers for display, the legitimate web page contents are available to phishers for copying. Phishers can make exact copies of the real pages and the real graphics on the real pages.
The final phishing trick is to send you to part of the legitimate company website after you give up your information (usually credit card number, account name, password, whatever).
That way, they get your info, and you enter the regular website, and there is nothing to tip you off that you've been scammed -- until your credit card goes over limit, or your ISP suspends your account for spamming.
Here is the BBR FAQ on phishing:
»Security »Scam Email: What is Phishing? What do I do about it?
There is a link to actual pictures of phishing emails and websites. You can see how realistic they are. The pictures have notations on any tip-off clues. »www.antiphishing.org/phishing_archive.html
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) | |
| 
Logwind
join:2003-06-20 | Spyware. No thanks. | |
| | raye
Premium
join:2000-08-14
Orange, CA
| Re: Spyware. Spyware is when info is sent UNBEKNOWNST to the user. How do you expect phishing explitation to be mitigated if it is not reported?
It all comes down to trust. If you trust Netcraft (which I do) use the tool. I am sure their are tools which cost that give out far more information than the user would like. Free tools alwasy come with conditions, unfortunately. | |
| | | | | electric_dsl
join:2004-07-20
Pickering, ON
| wow A couple of these posts are prime examples of why IE and any other browser that might take its place is in such bad shape.
Despite real coding errors, these people will find ways to destroy anything through sheer stupidity.
They can't even understand a simple, well explained concept how are they going to use a basic "browser"! | |
| | 
inciter
Noobie
Premium
join:2000-08-30
Rohnert Park, CA | Re: wow Wow! Your right! 100 %
| 
|
\/ | |
| 
Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY
 ·Qwest.net
| Maybe for IE... what in the world does Firefox need an anti-phishing toolbar for I am looking at the firefox's "Spoofstick" right now seem to be a day late and a dollar short.
--
Real Men use Vacuum tubes, 25 pound filament transformers, and plate voltages no less then 2400 volts...BPL I'm coming to get you | |
| | | |
|
|
Netcraft Toolbar
·