mynetx

Phishing: How You Might Be Trapped

Phishing has become a major way for criminals to get hold of your personal data. To protect your sensitive data and keep it private, you should stay alert to phishing. What exactly is it? Wikipedia defines it as follows:

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Common phishing types

  • Imagine you receive a mail “From: Microsoft Customer Support <somerobber@live.com>”.  If you don’t pay close attention, the phisher might trick you into reading the mail and thinking it comes from Microsoft.  Bad links inside such a mail can harm you even more.
  • Another trick uses the mail address of one of your friends, like “From: Your dearest friend <yourdearestfriend@live.com>”.  What you don’t know is that they didn’t write the mail themselves; a third party stole their login data and used it.
  • Web addresses that look similar to the real ones can also be used to mislead you.  So, watch out if you sign in to Windows Live, but the address bar reads “http://login-live.com/…” instead of the correct “https://login.live.com/”.  In this case, the phisher has registered the domain “login-live.com” to trick you into entering your sign-in data.
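
The first and third checks above can be written down as code. The following Python sketch is an added example, not part of the original post: it flags a sign-in address whose host only resembles the trusted one, and a From line whose display name claims a brand the address does not belong to. The trusted host list and the brand-to-domain mapping are assumptions made for this example.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example: the one sign-in host we trust, and the
# mail domain we expect behind a display name that mentions the brand.
TRUSTED_HOSTS = {"login.live.com"}
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}

def _squash(host):
    """Drop dots and hyphens so 'login-live.com' compares equal to 'login.live.com'."""
    return host.replace(".", "").replace("-", "")

def check_signin_url(url, trusted=TRUSTED_HOSTS):
    """Return a list of warnings for a sign-in URL; an empty list means it matches."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if host in trusted:
        return warnings
    if any(_squash(host) == _squash(t) for t in trusted):
        warnings.append("lookalike-host")   # same letters, different separators
    else:
        warnings.append("unknown-host")
    return warnings

def check_from_header(value, brands=BRAND_DOMAINS):
    """Warn when the display name mentions a brand but the address is elsewhere."""
    name, addr = parseaddr(value)
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    for brand, domains in brands.items():
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not owned:
            warnings.append("display-name-claims-" + brand)
    return warnings

if __name__ == "__main__":
    # Constructed sample inputs taken from the examples in the text.
    for u in ("https://login.live.com/", "http://login-live.com/"):
        print(u, check_signin_url(u))
    print(check_from_header("Microsoft Customer Support <somerobber@live.com>"))
```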

How can phishers use your data?

  • They can sign in as you and send more phishing messages, this time from your e-mail address.  Your friends will thank you.
  • They can reset your password at any web site where you have an account, by opening the password reset link in the mail you receive.
  • They can sell your contact data, and you will get more spam.

How can you protect yourself?

  • In Hotmail, there are several indications when you receive mail that might be dangerous.  Watch out for the yellow information bars that appear.  Windows Live Mail shows these information bars, too.

Phishing sample

  • Only open links in messages from people you know.  You wonder if it was really your friend who sent the message?  Why not ask them and get a confirmation this way?
  • Neither Microsoft nor any other serious company will ask you for your credentials via e-mail.

Based on: http://windowslivewire.spaces.live.com/Blog/cns!2F7EB29B42641D59!42740.entry