Then you had fake donation sites—one came up only 45 minutes after the tsunami struck. These sites would typically play on the generosity of the internet user, hoping to get him to make a donation using his credit card. Not only would the victim lose his money, but he’d also run the risk of getting his computer infected with a Trojan that would pass on information about every monetary transaction he conducted on the net to some faceless criminal somewhere, without his knowing about it.
Other variants include the ‘Letter 419’ that typically came from some so-called widow or other unfortunate in Africa who had access to a huge sum of money and who was willing to share it with you if you paid something upfront or shared your banking details so that the money could be transferred to your account.
Some phishers have been known to offer free pornographic content to adults but not to minors. Their objective is to get the children in the family, if any, to steal the parents’ credit card and use it to access that content.
Today, the crime has become even more sophisticated with crooks targeting specific groups or individuals.
How do they do that?
It’s called “spearing” or “spear phishing” and is a bit more sophisticated than phishing.
The modus operandi in phishing is to lay the bait for as many internet users as possible with the expectation that some would bite. Letter 419, donation sites and mimics all belong to this category.
Spearing is more concentrated. Let’s say you are gay and have your sexual preferences stored on a gay group in a social networking site. Obviously, the information you provide is top secret and only meant for other members in your group. What prevents a cyber-crook from pretending he’s gay if he wants to enter your network? And once he does, he’ll have a focused strategy because he knows whom exactly he is targeting.
A smart criminal might want to target IT groups today, given that this group will be actively contacting friends and associates on the internet for new job opportunities and IT contracts in a bad market.
What should one do to protect oneself from phishing or spearing attacks?
For starters, I would recommend getting the latest version of the more widely used internet browsers—Mozilla, Internet Explorer or Firefox—installed on your computer, because they all have anti-phishing alerts, plus the latest versions of the anti-virus and anti-spyware programmes. Other steps one must take include:
•Never download or open attachments whose source you are not certain about. Even if the source is trusted, check whether the content is relevant; if it is not, don’t open the attachment.
•Do not give away your residence or cell number. Be especially careful when you are filling in contest forms, coupons, free gift vouchers etc. More often than not, these are gimmicks to obtain your personal details.
•Set a limit on the value of a single transaction on your credit card. Purchases made beyond this would be rejected.
•Maintain two distinct sets of identities on the net—one exclusively for your financial affairs and the other for other dealings on the internet such as memberships on social networking sites. Remember, your acceptance of someone as a friend on a social networking site usually gives him or her access to your other friends as well.
•Never ever transact online at a cybercafé or even a friend’s place.
•Always type in the desired URL instead of clicking on links.