Nude Phishing

By Mark Strickland

Chief Software Engineer

SimplyBASICsoftware.com

Yep, some of you have probably done “Nude Fishing” … but hopefully you have not responded to any “Nude (or otherwise) Phishing.”

Phishing is one of the most subtle and dangerous tricks on the Web. We have all gotten emails from unknown sources asking us to do something, but when one comes from what looks very much like a valid source that you know, you may be tempted to click a link in it.

Phishing (a play on the word “fishing”) is generally an unsolicited email, normally asking you to click on a link and log in to some seemingly known website like your bank. What really happens is that the link takes you to a rogue site that looks just like the one you expected, and you enter your user ID and password there. The login fails (because it is not the real site), but the rogue site records your input and then carefully redirects you to the real site so you can try again.

Danger, danger, you just revealed your login information to somebody you don’t know.

This is so dangerous because it looks so normal. You will likely think … “Oops, I must have made a typo in my password.” Now the rogue site has your user ID and your password, and its operators can log in to the real site. If this was your bank account, they would possibly have full access. If the perpetrator does a good job, you may not even recognize what has happened.

Some banks are now adding additional checks to help avoid Phishing. Some let you set up personal questions that you must answer in addition to entering your user ID and password. If the rogue site is sophisticated enough, it will collect this information also. Other banks will show you a picture that you previously selected, or maybe even uploaded, BEFORE you enter your password. If the picture does not match, you should know it is not the real site, and you should not enter your password or complete the login. The Phishing site won’t be able to know the correct picture you previously selected.

So beware if you get an unsolicited email. If you think it is real, browse to the Website yourself and log in, but DO NOT use the link in the email. Many Websites have a place to report Phishing attempts or other security issues. If you get “Phished,” try to report it.

Remember to use your most important security tool … your brain. If it seems suspicious, check it out.

Mark Strickland developed AANR’s iPhone app, AANRmobile.
