I remember, years ago, when I saw my first phishing website; I was impressed. It looked exactly like the website of a popular credit card company, right down to the logo, buttons and graphics. The only way that I could tell it was fake was that the address in the address bar of my browser wasn’t quite right.
The lucrative sport of “phishing” has been around for years, but has become super-profitable as of late. The attacks usually start with a bogus email that tells you to go to a bank or credit card website to “update” your personal information or take advantage of a special promotion. As soon as you type in your username and password, the bad guys have you hooked and can start stealing your money. According to a study by Gartner, over 5 million U.S. consumers were ripped off by phishing attacks in the 12 months preceding September, 2008, representing a loss of almost $2 billion.
You’ve probably received a phishing email before; statistics show that about 80% of online adults have. What’s more disturbing, though, is that 4.4% of folks receiving phishing emails swallowed the bait and lost money to the bad guys. Compared to most email marketing campaigns, that is a shockingly high response rate.
The phishing scams invented by the bad guys are very clever and take an aware mind and keen eye to detect. VeriSign, one of the world’s biggest providers of Internet services, has put up a website where you can test your phishing scam-spotting skills. Sadly, a large segment of the Internet population seems to be clueless in detecting fake websites.
Remember the “s+lock” rule that I discussed in my May 24 article? 57% of those surveyed by VeriSign failed to follow that rule. 34% were fooled by phishing websites, even though the websites had goofy Internet addresses. An amazing 88% were fooled by fake websites that were loaded with spelling mistakes.
To counter this dismal situation, VeriSign is promoting a new way of verifying legitimate websites, using the latest high-security browsers that will turn the address bar green when visiting a safe website. However, until such a verification process becomes widespread, I recommend using safe-browsing tools such as Web of Trust, as discussed in last week’s article, “Who do you trust?”
I encourage you to test your anti-phishing skills by taking VeriSign’s phishing test at phish-no-phish.com; it’s a fun and very educational test. Just remember, your bank, your credit card company, your investment broker, your Internet service provider, eBay and PayPal will never, ever send you an email asking you to visit their website and update or verify your personal information. When you receive such an email, hit the delete key as fast as you can.