Phishing lures: bogus e-mail and copycat Web sites threaten school users.When an unsuspecting Chicago-area teacher recently got a surprise call from a merchant in New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of about an online purchase he had never made, he discovered someone else was using his credit card number. It turned out the teacher had earlier complied with an e-mail message directing him to click on a link to resubmit Verb 1. resubmit - submit (information) again to a program or automatic system feed back return, render - give back; "render money" personal information to his credit card company if he wanted to keep his privileges. The only problem was the e-mail and the Web site were both fake. Each was devised by new Internet See Web 2.0 and Internet2. thieves who trick unsuspecting users into divulging sensitive data online. Similarly, an administrator in New York reported that a colleague received e-mail to reenter re·en·ter also re-en·ter v. re·en·tered, re·en·ter·ing, re·en·ters v.tr. 1. To enter or come in to again. 2. To record again on a list or ledger. v.intr. data for her online PayPal account and was taken to a bogus site that even displayed the PayPal URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. in the address bar. Not only can crooks forge the addresses of fraudulent sites that users are enticed to visit, they have also been able to copy the small padlock graphic that guarantees "secure" transactions. I receive such phony notices regularly, whether or not I have the accounts in question. This fast-spreading scam that mimics e-mail and Web sites from legitimate companies is known as "spoofing," or as "phishing," since it fishes for personal information including user-names, passwords and social security numbers. (Phishing is a hacker term, and the "ph" comes from "phone.") An anti-phishing industry group estimates that up to 20 percent of recipients respond to the deceptive messages, which leads to financial loss, identity theft and other fraudulent activity. The FBI calls phishing the "hottest and most troubling new scam on the Internet," and your staff needs to be ready. Phishing in Schools As phishing continues to net unsuspecting adults who believe that apparently official requests for personal information are not out of order, children are less equipped to recognize the seams and may be enticed to give away names, addresses and telephone numbers. All school Internet users are therefore potential victims. For this reason, Jerry Taylor Jerry Taylor (born 1963 or 1964) is a senior fellow at the Cato Institute where he researches environmental policy. He holds a Bachelor of Arts degree in political science from the University of Iowa. , technology integration teacher in New York's Greece School District, sent e-mail to colleagues about how to recognize and avoid being duped by "the realistic and authentic-looking fake Web sites." Although phishing schemes can target users through many channels, they gabled a major foothold because of a flaw in Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. , the browser used by 95 percent of the online world. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Microsoft, "a malicious user could create a link to a deceptive (spoofed) Web site that displays the address, or URL, to a legitimate Web site in the status bar, address bar and title bar." Users would therefore believe they were accessing a genuine site, but were really going to one that is fake. Fortunately Microsoft released a critical update last February, and all Internet Explorer users should download the patch. To see if your browser is vulnerable, try the demonstration at the Broadband site listed below. Cleaning Phish While technology solutions are important, the first line of defense is always the savvy consumer. Taylor and others recommend the following defensive measures for staff, students and parents: * Do not supply information requested by e-mail, without prior confirmation (children should never release personal information). * If there are legitimate account questions, contact the requesting organizations through other means. * Do not trust "clickable clickable adj (COMPUT) → cliqueable clickable adj → cliccabile " hyperlinks in e-mail messages, and instead enter URLs manually. * Roll your mouse over included links to see if a suspect address form is displayed in the status line. * Be suspicious of hyperlinks on Web pages you have never visited before. * Experiment with alternate browsers such as Mozilla, Opera or Safari. Web Resources * Anti-Phishing Working Group The AntiPhishing Working Group (APWG) is a consortium that brings together businesses affected by phishing attacks, businesses that provide security products and law enforcement. The APWG has more than 2700+ members from more than 1600 companies & agencies worldwide. www.antiphishing.org * Broadband.com IE Vulnerability www.dslreports.com/shownews/36402 * Federal Trade Commission www.ftc.gov * FTC ID Theft www.ftc.gov/idtheft * Microsoft Security www.microsoft.com/security * Phishing www.wordspy.com/words/phishing.asp Odvard Egil Dyrli is senior editor and emeritus professor of education at the University of Connecticut The University of Connecticut is the State of Connecticut's land-grant university. It was founded in 1881 and serves more than 27,000 students on its six campuses, including more than 9,000 graduate students in multiple programs. UConn's main campus is in Storrs, Connecticut. . |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion