Computer Crime Research Center

cybercrime/img21.jpg

Howto avoid phishing scam

Date: November 21, 2005
Source: newsobserver.com
By: Arati Bechtel

Q:I received an e-mail message that seemed to be from eBay that said my account might be suspended if I don't update my account information. I think it is fake. How can I tell?

A:Spoofing or "phishing" e-mail appears to be from a reputable sender, such as eBay, a bank or other company, but is actually from someone else. Spoofers want you to reveal valuable personal information, such as user ID, password, credit card number and Social Security number, by filling out a form in the e-mail or in a Web page the message links to.

Often the e-mail will look official, displaying a familiar logo, listing a sender's address that includes the real company's name and mentioning official details such as a copyright notice and rules relating to your account. But faking such an e-mail is relatively easy.

When you receive an e-mail that seeks your personal or financial information, take some time to analyze it before acting. EBay says any e-mail that asks for personal information within the body of the message is a fake. Another sign, according to eBay, is that the greeting in the e-mail is general, as in "Dear eBay member."

In spoof e-mails, links to Web pages may be forged. You can check this by rolling your mouse over the link; if the actual Web address (which will appear in the lower-right of your e-mail program's window) does not match the address typed in the body of the message, the link is forged.

For eBay users, a simple way to check the veracity of e-mail that claims to be from eBay is to log in to your eBay account, go to My eBay and click on My Messages in the left-hand menu. If you have no messages there about your account, then the e-mail you received is fake.

Another thing you can do is to forward suspicious e-mail to eBay at spoof@ebay.com. EBay says it will examine the e-mail headers and any other information contained in suspect e-mail.

Finally, I recommend you study eBay's excellent tutorial (available at pages.ebay.com/education/spooftutorial/) about identifying fake e-mail, which would be helpful to anyone, not just eBay users.

Q:How do I get rid of the old addresses for Web sites I've visited that keep appearing in the address bar and my old searches in Google? I use Internet Explorer on a Windows XP computer.

A:Your Web browser will remember the addresses for the Web pages you have visited for a specified number of days that you can set. If you explore the Web a lot, hopping from one site to another, the address bar on your browser will sprout a long list of addresses for the pages you visited.

To get rid of that list of addresses, you will need to clear your history in your browser. In Internet Explorer, click on the Tools menu and select Internet Options. Under the General tab, click the Clear History button.

Also here in Internet Options, you can delete the search history you see when you use the Google search form. Select the Content tab. In the Personal information section, choose AutoComplete and click on Clear Forms. Click OK to finish. That will clear all forms, not just Google's.

If you don't want your browser to remember search terms in the future, uncheck the box beside Forms in the AutoComplete section.

As an alternative to this process, you can delete individual search entries from the Google search form by clicking the down arrow key to choose an old search entry and then pressing your delete key.
Original article



Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo