Attack of the Computer Phishers and Zombie Hordes
Have you ever received an "email" from a "bank" or "credit card company" requesting personal information? I delete any email from any bank or credit card company right away without reading them, but some people may not know to do that. I mean, come on, what institution in their right mind would send an email requesting personal information anyway? I called my financial institutions and they confirmed that they NEVER send emails requesting personal information. If you receive that type of email and still think it is for real, I say give the institution a call (the number you have on your records).
Criminals use something called "phishing" to obtain personal information from unsuspecting people. The Anti-Phishing Working Group is committed to "wiping out Internet scams and frauds". Here is their definition of phishing:
"What is Phishing and Pharming? Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning."
The site also has information on how to avoid phishing scams. The phishers set up mirror websites of those used by consumers as a way to falsely collect personal information. I looked at one of the phishing emails I received and although it was supposed to be a popular bank, the URL was something I did not recognize (hint, hint).
Amazon.com has a section in their help area with information on identifying phishing and spoofed emails. PayPal also has a Phishing Guide. The Federal Trade Commission has a section on Web Scams (and a warning about false emails). Banks like Wells Fargo also have sections on how to protect yourself against online security fraud and info on fraudulent emails and websites. Here is an example of a fraudulent email from the Wells Fargo Website:
"Subject: Notification for Customer of e-mail address change
E-MAIL CHANGE NOTIFICATION
Dear Customer!
Thank you for banking online at wellsfargo.com. Our records indicate that you recently added or made a change to one of your email address(es). This notification is to confirm that you initiated this change. If you feel you have received this email in error and did not add or change your email address(es), please click here.
Sincerely,
Online Banking Team"
Just in case you were wondering, DO NOT CLICK THERE! Or as the FTC says:
* Don’t open the attachment.
* Delete the e-mail.
* Empty the deleted items folder.
I saw a post on Yahoo Tech that also identified another Internet security risk: innocent computers being hijacked and used for sending out spam. BBC News reported that "the FBI is contacting more than one million PC owners who have had their computers hijacked by cyber criminals". The hijacked home computers are called "Zombies". Another post from Yahoo Tech also discusses the ways to beat spyware (Step 1 and Step 2). All I say is that it is very important to have anti-virus and anti-spyware modules actively running on your computer. Symantec has a full suite of products; there is also McAfee and software called BitDefender (which is reasonably priced).
I am interested in what other people have used to protect themselves against computer viruses and spyware. Any other lessons learned?