Spotting a Phisher

The October 7 FBI arrest of 33 people for phishing, (the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication, per Wikipedia) has caused web design companies and users to become more conscientious about the possibility of their email accounts and websites being hacked (accessed without authorization). Once your email is hacked, there can be a domino effect that will impact other areas of your online “life”.

The fact is, many people use the same password or variations on a password for all or most of their online accounts like social networks, banks, IMs, etc. This makes a phisher’s work a whole lot easier; it’s like giving him/her the master key to your front door and all of your safes and vaults.

In the arrest of the largest group of suspects in a cybercrime case (“Operation Phish Phry”), the FBI targeted at least 100 people. According to the FBI, Egyptian authorities have charged at least 47 unindicted co-conspirators there in relation to the scam, which took place from January 2007 through September. Here’s how it worked: Per a 51-count indictment returned last week by a federal grand jury in Los Angeles, the defendants in Egypt used e-mails to entice Wells Fargo and Bank of America customers to visit counterfeit bank websites that had been set up to steal victims’ usernames and passwords. The Egyptian defendants then drained funds from the victims’ accounts into new accounts at both institutions that had been opened by the U.S.-based defendants. Slick, huh?

An FBI spokeswoman said they believe the faction tricked several thousand people into giving out their online banking information. In all, they are accused of transferring more than $1.5 million to the fake accounts. But she also said that not all of that money was withdrawn, because the banks ultimately cooperated with authorities to identify which accounts received fraudulent transfers.

But if a user is even slightly savvy, a fake URL (web address) is easy to spot. Even if you get sucked into the fake website there are clues that make it obvious that you are not where you’re supposed to be. Fake-website developers tend to be transparent in their rush to start raking in the cash, and their sites are not inclined to look as professional as those that are designed by “real” website developers. Some are downright sloppy. In addition, they will let you into their website no matter what you enter into the username and password fields (how would they know if they’re real or not?). This is clue #1. And if you actually need another clue, they soon ask for your personal information (bank account number, PIN, credit card number, etc.).

There is one surefire way to determine if a website is what it purports to be: check the source code by right-clicking on the web page and clicking “view page source”. This will reveal the actual origin of the page. Also check the port number against the one on the true website.

Just keep in mind that websites that store your account numbers, PINs, and other personal or financial information do NOT send out solicitations requiring you to enter them—they already have them. When in doubt, call the institution and ask if they are aware of any emails going out like the one you received. Better safe than sorry.

Juno Web Design

Related Posts

• Gmail Ditches a Feature

  Gmail became widely popular for its growing feature set, browser-based application, and ease of use.  It stands out from other webmail services because of its search-oriented interface and “conversation view” that resembles internet forums.  It has a web design built to make users feel as if they are always on one page rather than navigating [...]

• Supercharge Your Bookmarks

  Once you have bookmarked your pages via the Onlywire.com interface, you can supercharge your bookmarks by pinging your individual Bookmarks accounts Like de.lirio.us, del.icio.us, blinklist, bibsonomy and any bookmark accounts that file you under a username.If you go to pingoat.com and pingomatic.com you can PING your actual book mark accounts. For example, with del.ico.us just [...]

• Creating Your Social Networking Website Profile

  How you would like to meet and communicate with other internet users, especially ones that share the same views and beliefs as you do? If you would then you may want to think about joining a social networking website, if you haven’t already done so. When it comes to easily finding and communicating online with [...]

• Facebook Connect Goes Mobile

  Facebook Connect was launched in part to replace the ill-fated Facebook Beacon, which caused great alarm because it tracked and gathered users’ information from third-party sites and then shared it with the users’ Facebook friends without their consent. For instance, if you bought something from Fandango.com or Overstock.com, your Facebook friends would be notified [...]

• Paypal Officially Launches Student Accounts

  Paypal introduced Students Accounts, a program designed to balance convenience for parents and their kids with financial responsibility. The program is centered on the use of a debit card. It was first presented in beta version back in December 2008, and has taken several months before being officially launched to US consumers.Just in time for [...]

Find out more about Juno style Wordpress web design
Find out more about Juno style Magento web design

Return to web design news.