|
Raw Bytes Computer News KPBX FM 91.1 Radio National Public Radio Network Frank Delaney Producer Broadcast on Thursday Morning 7:35 AM During Morning Edition Support Public Radio ! The Theater Of the Mind |
In computer news this week –
01/20/2005 |
|
|
The worst estimated Danger on the
internet for 2005 – phishing or spoofing - and
how to avoid it. You get
an email from your bank or some company you do business with asking you to
verify your billing information on line – this is the typical phishing or spoofing email that hackers send out by the hundreds
of thousands to try to steal your credit card information, and supposedly 5%
of all people fall for these emails. It seems
the top 3 I
get are supposedly from Ebay, Paypal,
or Citibank, but I have have received similar
emails from dozens of supposedly legitimate companies. Yesterday I received an email from Ebay asking me to verify my billing information online
– It said my account had been suspended and that I needed to update my
information: Your
eBay account has been suspended. Regards, It looked
very official – (even though I am not even a Ebay
customer)- and supposedly if I clicked on the link in the email it was going
to take me to a secure website – as in the email the website was
displayed as https: I have a
picture of this spoofed Ebay site on my Raw Bytes
webpage so you can see what a spoof site looks like, and what should be there
if it were a legitimate site http://www.mtamicro.com/kpbx.html. But when
I placed my mouse pointer over the website in the email it displayed a
completely different website address – a numeric address. If you see a
website address that is a number, there are many places on the internet you
can go to do what is known as an ip address lookup.
I went to
http://www.netsol.com – clicked on
the Whois selection – meaning I wanted to
find out Whois the registered owner of this numeric
website and found it to be registered to a Netherlands company. If this
website was truly legitimate it would have been registered to Ebay, so it was obviously a fraud. There are dozens of
sites on the internet you can go to to find out the
legitimate owner of a website – using the actual website name or the
numeric address, but sadly you
will find that often this information is obviously bogus. Phishing/spoofing sites are usually operative less than a day. A
hacker will register a website online – probably using a stolen credit
card number and using an internet registrar that doesn’t check the
registration information. Then they can get a free email account virtually
anywhere and list of email addresses from any number of spam companies. Then the
hacker will go to the website of a legitimate company and easily download
parts of their website; their logos and main screens, and put it on their own
site. On the
internet – what you see is what you can get – and any website or
picture that you can see on your computer screen – you can download and
use for your own purposes – and that’s why spoofing/phishing sites can look EXACTLY like the real sites,
unless you know what to look for, and how to avoid these scams. Phishing and spoofing is such a threat to Ecommerce that most
banks and retailers have informed their customers that they will never be
asked online to verify their billing information. So you
should never respond to an email from anybody asking
you to verify your billing information online. And you can always use that
old fashioned device – the telephone - to call the legitimate company
you deal with to ensure your credit information is safe.. For Raw Bytes This is Frank Delaney (C) 2005 MTA Micro
Technology Associates http://www.mtamicro.com/kpbx.html (509)624-7230 |
|