Friday, December 02, 2005

Phishing

This post can be ignored by about half of the readers of this blog (you know who you are - working at a national security lab is a good indicator that you are in this group), although I would appreciate their comments.

Last night on NPR they were discussing phishing and said that around the holidays you should expect a lot more of it. The link will give a better explanation, but basically phishing is trying to get you to give out your personal info (credit card number being the big one, but other items are also helpful). Phishing falls under the category of social engineering.

I've posted about The Art of Deception, a book about social engineering, before. If you are really interested, it is a good read. If you do not want to read a whole book about it, the main takeaway is that if someone contacts you (email, phone, whatever...) you really have no reason to trust that they are who they claim to be. Especially in email, never trust links - there are a lot of ways to make an innocent-looking link take you somewhere you don't expect. (If a friend says "hey, look at this website, it is funny" and includes a link, that should not be a big deal - just do not give the site your credit card number or any other information, and if the email seems strange at all, contact the friend and make sure it is really from them. Don't use the reply button, which defeats the whole point - just type up a new email.) Say you get an email from Amazon saying there is something wrong with your account: don't follow the link in the email. Go directly to amazon.com, sign in, and see if the website says there is something wrong. If you are really concerned, get their phone number off their website. The key idea is to go to a trusted source and go from there.

If you are worried that someone got your info, call the company they claimed to be from (get the info off their website or the phone book - not from the person calling or emailing) and ask them if it was legitimate. If not, just call the credit card company and tell them what happened.

Well I hope that helps and was not too rambling.
