Sunday, February 1, 2009

Don’t be phish food: how to avoid being phished


By Brenda Coxe

With so many different scams on the Internet, it can be difficult for the average person to know what is safe and what isn't. Phishing sites are become more common and are very difficult to detect at a glance.

Legitimate mirrors versus phishing sites

A strange variant of phishing sites are sites called mirror sites. Mirrors are not necessarily the same thing and a mirror is not necessarily bad. A mirror site is often a valid site set up to mirror another site such as ecommerce, Free for All Pages or link building sites.

A mirror site means that all of the pages for a particular site or product line are the same thus making it easier to set up new sites for those interested in promoting that product or service. Mirror sites are also often set up when the traffic of a particular site is extraordinarily intense, giving visitors another location to get information or download files. Finally, mirror sites are often used by dissidents in oppressive countries -- they get their sites mirrored outside the country so if the government takes their site down, their voice can still be heard.

Phishing sites on the other hand are those made to look like a valid Web site when, in essence, they are set up to steal a person's personal information. For example, you might think you're on Bank of America's Web site because the site looks identical in every way to the BofA site. You might, then, enter your username and password and attempt to log in, giving the "phisher" all the information he needs to swipe your personal data (and possibly send your money to himself).

Protecting yourself

With phishing such a big problem, how can you protect yourself? One of the easiest ways to avoid being phished is to avoid clicking on links in emails or on Web sites when you are not absolutely sure of their safety. If you want to visit a Web site that is unfamiliar to you, type in the URL of the Web site instead of clicking on the link or even copying and pasting.

The reason you want to avoid even copying and pasting is because if the link is to a phishing site, copying and pasting will take you to that site rather than the valid site. Thus, copying and pasting a URL that comes in an email is opening you to the potential danger of entering a phishing site -- thus providing passwords and other personal information to hackers and others who will use the information for their own unlawful purposes.

Another way to avoid being phished is to use software that has the capability of identifying phishing sites. Some of the newer versions of internet security software have this capability. The latest versions of Firefox and Internet Explorer both have anti-phishing features.