Security Corner

Sep 3 2010   3:11PM GMT

How to Combat Phishing Attempts

Ken Harthun

It seems that phishing attempts just keep increasing. Yesterday, more of my friends on Skype were sent this link: http://miw.host.sk/www.skype.com/?id=79826&lc=us along with the usual broken-English message, “hi how are you, i send to you link please sign in ok.” Recall my posts on the Skype phishing/hacking last month, which you should read and apply first:

Skype Phishing Attempts and Account Hacking – Part 1

Skype Phishing Attempts and Account Hacking – Part 2

The first thing you have to learn here is to NEVER CLICK on any links sent to you in email, chats, Skype, whatever until and unless you have verified their source and authenticity. The link above is obviously fake to those of us in the know, but to a normal user, it looks like it came from Skype.

The second thing you have to learn is how to recognize these bogus links. The casual observer will see www.skype.com in what looks like the right place. It would be, except for the single slash in front of it. The site you actually connect to is named before that first single slash; the web server treats anything after the “/” as a directory. What you have here is the real URL, http://miw.host.sk, pointing to a directory called www.skype.com which contains a fake Skype login page. You can ignore the /?id=79826&lc=us. It doesn’t matter to anyone but the hacker. If you fall for this ruse, they get your password. This is typical of most phishing attempts.
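The check described above can be automated. This Python sketch is an added example, not part of the original post: it pulls out the host a link really opens and reports where a trusted name shows up elsewhere in the URL. It goes slightly beyond the path case in the post by also looking at the query string, userinfo and host name prefix. The `TRUSTED_DOMAINS` list and the function names are assumptions made for illustration, and example.net is a constructed sample.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the user means to sign in to.
TRUSTED_DOMAINS = ("skype.com",)


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def inspect_link(url, trusted=TRUSTED_DOMAINS):
    """Return (real_host, verdict, reasons) for a link before it is clicked."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host_is_trusted(host, trusted):
        return host, "trusted-host", []
    # The link opens some other host. Record every other place a trusted
    # name appears, since that is what makes the link look genuine.
    elsewhere = {
        "path": parts.path.lower(),
        "query string": parts.query.lower(),
        "userinfo": (parts.username or "").lower(),
        "host name prefix": host,
    }
    reasons = [
        f"{domain} found in {where}"
        for domain in trusted
        for where, text in elsewhere.items()
        if domain in text
    ]
    return host, ("lookalike" if reasons else "unrelated-host"), reasons


if __name__ == "__main__":
    samples = [
        "http://miw.host.sk/www.skype.com/?id=79826&lc=us",  # link from the post
        "https://www.skype.com/login",                       # genuine host
        "http://www.skype.com.example.net/login",            # constructed sample
    ]
    for link in samples:
        print(link, "->", inspect_link(link))
```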

The third thing you have to learn is that you absolutely MUST NOT use the same password for everything. If the hacker gets your password and is able to find out where you bank or find other sites that you log into, they will try that password out. In fact, the first place they are going to go is your PayPal account and heaven forbid if they know your PayPal email address!

You have two tools at your disposal to help combat this menace: OpenDNS and their excellent service, PhishTank. (I’ll do a separate post on PhishTank next week.) OpenDNS Basic is a free service that gives you all this:

  • Reliable DNS Infrastructure
  • Web Content Filtering
  • Phishing Protection
  • Basic Customization
  • Typo Correction

Head on over there, sign up for the free account and learn how to set it up on your system. Once you have it set up, you’ll get a message like this if you try to visit a phishing site:


This is actually working with PhishTank to determine whether it’s a known phishing site. I’ll tell you how to join the community and help report phishing sites in a future post. Also, look for a video or two on how to configure OpenDNS and how to recover a hacked Skype account.
