5 Steps For Users To Protect Themselves From Phishing Scams
While a lack of understanding of basic security principles and a lack of education about proper security precautions certainly contribute to the success of phishing scams, as they do to many malware attacks, even professionals find it difficult at times to keep up with the latest attack tools and techniques.
Users simply want to use their computers, not become security gurus. So, here are five steps users can take to keep from being victimized by the phishing scam du jour.
- Be Skeptical: It is better to err on the side of caution. Unless you are 100% sure that a particular message is legitimate, assume it is not. Never supply your username, password, account number or any other personal or confidential information via email, never click a link in the message to "verify" your account, and do not reply directly to the email in question. Ed Skoudis says: "If the user really suspects that an e-mail is legit, they should: 1) close their e-mail client, 2) close ALL browser windows, 3) open a brand new browser, 4) surf to the e-commerce company's site as they normally would. If there's anything wrong with their account, there will be a message at the site when they log in. We need people to close their mail readers and browsers first, just in case an attacker sent a malicious script or pulled another fast one to direct the user to a different site."
- Use The Old-Fashioned Way: An even safer means of verifying whether an email regarding your account is legitimate is to simply delete the email and pick up the phone. Rather than risk emailing the attacker or being misdirected to the attacker's replica web site, call customer service, using the number printed on your card or statement rather than one taken from the email, and explain what the email stated to verify whether there is truly a problem with your account or whether this is simply a phishing scam.
- Do Your Homework: When your bank statements or account details arrive, whether in print or electronically, analyze them closely. Make sure there are no transactions that you can't account for and that all of the decimals are in the right spots. If you find any problems, contact the company or financial institution in question immediately.
- Make Sure Your Computer Is A Good HOST: Your computer has a plain-text system file called the Hosts file (on Windows it lives at %SystemRoot%\System32\drivers\etc\hosts, on Unix-like systems at /etc/hosts). This file can be used to hard-code domain name translations and direct you to a different site. Normally, if you try to visit paypal.com your computer sends the request to a DNS server, which tells your computer the IP address of that domain name so that your request can be forwarded to the right server. The Hosts file is consulted before DNS and supersedes it, so by adding an entry to the Hosts file with the domain name paypal.com and a different IP address, your computer can be redirected. Rather than being sent to the true paypal.com server, your request will go to the address specified in the Hosts file, and the browser's address bar will still show paypal.com, so nothing looks wrong. Malware also uses the same trick in reverse, pinning anti-virus and software-update sites to 127.0.0.1 so the machine can no longer fetch updates. You should periodically check your Hosts file to ensure there are no such entries; on a typical home machine it should contain little more than localhost, and any line naming a bank, payment or update site should be treated as a sign of compromise. For more information about the Hosts file and how to make sure it's safe, see this article on the site for the Always Use Protection book by Dan Appleman: Bad HOSTS
- Report Suspicious Activity: If you receive emails that are part of a phishing scam, or that even seem suspicious, you should report them. Douglas Schweitzer says: "Report suspicious e-mails to your ISP and be sure to also report them to the Federal Trade Commission (FTC) at www.ftc.gov."
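The Hosts file check in the fourth step can be automated. The script below is an added example, not code from the original article or from Dan Appleman's book: it parses a hosts file the way the resolver does (ignoring comments and blank lines, one address followed by one or more names per line) and flags the two patterns described above, a well-known domain redirected to some other address, and a vendor or update domain pinned to loopback. The watchlist of domains, the list of "local" suffixes that are normal to map by hand, and the sample hosts file are all constructed assumptions; adjust the watchlist to the sites you actually use.

```python
import ipaddress
import os
import sys
from dataclasses import dataclass

# Constructed sample of a hosts file (not taken from any real machine). It mixes
# legitimate entries with the kind of lines a pharming trojan writes: a payment
# site pointed at the attacker's server, and update domains pinned to loopback
# so the machine can no longer fetch patches or signatures.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.20    fileserver.lan          # home NAS
0.0.0.0         ads.tracker.example     # hand-added ad block

203.0.113.45    paypal.com www.paypal.com
203.0.113.45    online.mybank.example
127.0.0.1       update.microsoft.com windowsupdate.microsoft.com
"""

# Assumed watchlist: domains a home user never has a reason to pin in hosts.
WATCHLIST = ("paypal.com", "microsoft.com", "windowsupdate.com",
             "symantec.com", "mcafee.com")

# Assumed hostname suffixes that are normal to map locally.
LOCAL_SUFFIXES = ("localhost", "localdomain", "local", "lan", "home", "internal")


@dataclass
class Finding:
    line_no: int
    address: str
    hostname: str
    reason: str


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) per entry, skipping comments and blanks."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            continue                           # malformed line, resolves nothing
        yield line_no, fields[0], fields[1:]


def _matches(name, suffixes):
    """True if name equals one of the suffixes or is a subdomain of it."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return a list of Finding for entries that look like pharming tampering."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append(Finding(line_no, ip_text, names[0], "unparseable address"))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0
        for name in names:
            host = name.lower().rstrip(".")
            if _matches(host, LOCAL_SUFFIXES):
                continue                                       # ordinary local mapping
            if _matches(host, watchlist):
                reason = ("watched domain pinned to %s (blocks updates/vendor access)" % ip_text
                          if sinkhole else
                          "watched domain redirected to %s" % ip_text)
            elif not sinkhole:
                reason = "public hostname hard-coded to %s, bypassing DNS" % ip_text
            else:
                continue                                       # e.g. an ad-block entry
            findings.append(Finding(line_no, ip_text, host, reason))
    return findings


def system_hosts_path():
    """Location of the live hosts file on this OS."""
    if sys.platform.startswith("win"):
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for f in audit_hosts(content):
        print("line %d: %-35s %s" % (f.line_no, f.hostname, f.reason))
```

Run it with no arguments to see the five findings in the sample, or pass the path returned by system_hosts_path() to audit the real file (on Windows that usually needs an elevated prompt to read). Ad-blocking entries that point random tracker domains at 0.0.0.0 or 127.0.0.1 are deliberately not flagged, since they are a common legitimate use of the file; only a watched domain pinned to loopback is reported.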
