Click here to see a list of previous articles.

Click the image to see larger version

Where's the Nearest Phishing Hole?

A be-lated Happy New Year and Merry Christmas to everyone. Before I get on to this week's subject, I would like to impart some information that some of you may find of use. The Mozilla Foundation has made an e-mail program called Thunderbird, which has been mentioned in past newsletters. The latest release has brought an immensely handy option: By default -- meaning this setting can be changed if you like -- Thunderbird blanks all images in any mail you receive; that is, makes them disappear. This means that if you're prone to getting rather undesirable e-mails that contain images, using Thunderbird will make your life the bliss that it should be. Or, at least, that much nicer.

This newsletter was suggested by a great guy and reader of the newsletter (Thanks, Erik!) and is actually quite serious. So much so that I invite you all to forward this newsletter to anyone you know because a lot of people could easily be affected by this, even if they don't know it. Some of you may have been affected by it, some of you may yet be affected by it (not after reading this, though!) and some of you may have just heard about it in the news. It's about something called Phishing. The term's origin isn't known, only speculated, but what it does is what it sounds like: "fishing" for information. A lot of you who receive spam may see e-mails coming from institutions -- such as banks, eBay or even Paypal -- asking you to update their records. If you don't have an account with them, you ignore them, of course. But if you do and that e-mail looks pretty darn authentic, you'll likely end up clicking the links they ask you to and filling in the information they ask of you.

This sounds pretty harmless, but what is happening in every one of these e-mails is that a) they are not coming from your financial institution and b) they are sent to trick the user into submitting their account information to absolute strangers who have nothing to do with the institution. Their only goal is to get you to tell them, unwittingly, what your account number and login information is. After this is successful, they pillage the account and the user wonders why he or she has no more money.

Any of you who wonder how anyone can be so easily duped haven't seen the really good attempts at these phishing expeditions. Many of us have heard of the people who were duped by the son of a King in Africa looking for funds or someone who calls you up, says you've won a prize but you need to pay money before getting anything. Those have immediate flags because someone you've never heard of wants something from you. But if you have something that looks exactly like your institution's webpage and sounds quite formal and asks for you to do something you've done many times before, it doesn't seem so far fetched. That is why phishing has worked so well. Click on the image to the right to see what the fake screen looks like. Pretty convincing, isn't it?

So how do you avoid becoming a victim in this Mail O' Deceit? The answer is wonderfully simple: When it comes to e-mail, anytime anyone asks for personal information you wouldn't give to a stranger, don't give it. They may look like absolute authentic e-mails, but you will only find such notifications from these institutions on their websites. If a company you deal with sends you an e-mail, check their website for notifications. But check their website by going there on your own. Do not, ever, click the links in the e-mails.

If you'd like to read some information on phishing, you can read it by clicking this link. Otherwise, heed the message of this newsletter: If it's in your e-mail and they want something from you, check it out on your own without clicking any links. Additionally, if you use spam filtering software, like the aforementioned Spampal, most or all of these messages will be sent the Spam Dungeon.

Lastly, a reader recently had a computer crash and all data on the system was lost. There were no backups. Conversely, another dear reader had a drive fail (maybe it's sun spots?) but had most of the data saved on CD. I would like to implore the digital readership to not only entertain, but to follow through on acquiring a backup device of some sort to save all data you deem important on your computer. It won't change my life, but it will certainly make yours much more secure.

Last newsletter, I'd mention that we'd talk about networking in small places, like at home the following week. Well, the holidays got in the way, so, if you have more than one computer and want to connect the two so you can either share files or share printers, you'll want to read next week's newsletter!

If you have any comments, questions or concerns about this newsletter, feel free to e-mail me at sean@beggs.ca.