Phishing (pronounced "fishing") is an interesting phenomenon, and one which receives a huge amount of attention, yet people are still caught out. For clarity, phishing is an attempt to extract sensitive information from a user, normally bank or credit card details. Phishing sites are constructed to look like legitimate web pages in order to fool the visitor. Links to phishing sites are often distributed via spam emails.

I am continually amazed at how many people seem to fall for these sites and quite happily believe what they see on screen and give away details with barely any thought.  There is no excuse for it now.

The industry has taken serious steps to try and protect us but as always it eventually falls at our own doorstep to be vigilant.  Any modern browser has anti-phishing tools built in.  Your browser is continually in communication with the internet, maintaining a list of known issues and will warn you when you click on a bogus link.  There are also several great browser add-ons to notify you of potentially fraudulent sites;  Web Of Trust is my personal favourite but there are many others.

The key message here is 'upgrade your browser' -- All the key players have tools built in; even Internet Explorer.  So make sure you are up to date.

The recent phishing attack geared at MobileMe/iCloud users really floored me! iCloud is an up-and-coming replacement from Apple for their MobileMe offering. It will no doubt be the next big thing from Apple and it receives a huge amount of press attention and speculation. The product has not launched yet, but still there is a phishing attack and people eager to give up their cash.

Given the massive press coverage and Apple fan-base, there is no way on this earth that we would not have read of the launch of iCloud, so why did people fall for the phishing scam?  Why would people honestly believe that Apple needs to know your social security number? It beggars belief!

The page is very well constructed to look like an Apple page but the basic rule still applies -- never give your credit card details if you are not on a secure website (look for the padlock on the address bar!). The email also starts "Dear MobileMe user". Surely they would take time to address you correctly if this was legitimate.

When giving personal details on-line, think...

  • Is the site secure? The padlock on the address bar means the site has had stringent checks made on its identity.
  • Is the information it is asking for relevant?  Very few (if any) sites need your social security/(NI in the UK) number.
  • Read the whole page carefully. Are there spelling mistakes or grammatical errors? Legitimate organisations pay people to proofread their site, so if it asks for your "homes address" think very carefully!
  • Who is the page addressed to?  More specifically, the page/email you clicked to get here.  'Dear customer' is very vague and impersonal.  If they know who you are they will probably greet you more formally.
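The checklist above can also be applied mechanically when triaging a reported page. The following is an added example, not part of the original post: it covers the secure-site, relevance and greeting checks (not the spelling check), and the patterns, function names and sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Illustrative patterns (assumptions, not a complete list).
SENSITIVE = re.compile(
    r"social[ _-]?security|\bssn\b|national[ _-]?insurance|card[ _-]?number", re.I)
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|member|\w+\s+user)\b", re.I)

# Constructed sample page and email, not the real phishing site.
SAMPLE_URL = "http://example.invalid/icloud"
SAMPLE_HTML = """<html><body><h1>Upgrade to iCloud</h1>
<form action="http://example.invalid/submit" method="post">
Card number <input name="card_number">
Social Security Number <input name="ssn">
</form></body></html>"""
SAMPLE_EMAIL = "Dear MobileMe user,\nYour account must be upgraded."

class FormScan(HTMLParser):
    """Collect form targets plus visible text and input field names."""
    def __init__(self):
        super().__init__()
        self.actions, self.text = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input":
            # Field names and placeholders show what is being asked for.
            self.text.append(" ".join(filter(None, (a.get("name"), a.get("placeholder")))))

    def handle_data(self, data):
        self.text.append(data)

def checklist(page_url, html, email_text=""):
    """Return the checklist items that the page or email fails."""
    scan = FormScan()
    scan.feed(html)
    findings = []
    # Is the site secure? Check the page and every URL a form submits to.
    targets = [page_url] + [urljoin(page_url, a) for a in scan.actions]
    if any(urlparse(t).scheme != "https" for t in targets):
        findings.append("not-secure")
    # Is the requested information relevant?
    if SENSITIVE.search(" ".join(scan.text)):
        findings.append("asks-for-sensitive-id")
    # Who is it addressed to?
    if GENERIC_GREETING.search(email_text):
        findings.append("generic-greeting")
    return findings
```

An empty result only means none of these red flags were found; it does not show that a page is legitimate.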

Below is a screen shot of the site mentioned above, if you are curious.

Be careful out there kids, and be vigilant with your details on the 'net!

site by DAJ