How To Transact Safely Online While Fly Phishing In A Tank

20Nov06

If you’re planning to apply for netizenship in digital country, and join the millions of other migrants who are hopping on board to enjoy the freedom and glean the wealth of information and riches that the Web has to offer, you’ll have to learn the culture of the web first, to acclimatize yourself well to its surroundings. Failure to do so will result in you standing out like a sore thumb, highly vulnerable to newbie taunts (think Borat)  and scams (the online equivalent of being robbed in broad daylight).

If you’re willing to do this, you’ll enjoy the rest of your stay in digital country, following the brightly lit, well-trodden paths used by other netizens and avoiding the dark alleys often haunted by a sleazy, knife-wielding mugger (the online equivalent of whom could well be a nerdy pajama-clad, bespectacled teenager armed with a fully decked out keyboard).

The precautions you take in the real world have to be replicated online as well. Whether it be buying something on eBay, paying your bills, or conducting any form of online transaction, the risks and dangers of being robbed online are very real. Hacking, spyware, adware, viruses, the infamous Nigerian e-mail scams, or phishing (a method of tricking you into surrendering your personal information for identity theft), and mutations of such frauds are a worrying trend. 

You may have seen some of these scams in your inboxes, or floating around the web as disguised e-commerce sites (sometimes known as spoof sites). If you’d been a victim of such scams and sabotage, you can attest to the fact that even the most discerning amongst you, ‘never saw it coming’. Such are these clandestine operations – preying on you when you least expect it, proving to unwary doubters that these threats are no urban legends.

Almost anyone with a limited amount of knowledge of computer programs can gain control of your PC. It is as simple as installing a freely obtainable remote control software on your PC and letting voyeurism take over. Every move you then make is watched. The perpetrator can now steal your identity, send you spyware wrapped in an innocuous looking e-mail disguised to be from a long lost friend (after all, the person already knows a whole lot about you), and a worst-case scenario, implicate you in any of the perpetrator’s criminal activities (stolen identity, remember?).

Believe it or not, I did not rip that paragraph out of a Tom Clancy spy thriller. Google “identity theft” and see what pops up.

 Screenshot 1

15 million returned results. Prove of a genuine interest and concern in this area.

So what can you do to protect yourself? Plenty. At the top of the list, use common sense. Don’t let strangers use your PC, whether at home or in the office. Don’t dump your credit statements or bill payments in the garbage, where it becomes easy pickings for wandering fraudsters. 

When checking e-mail, don’t click on attachments, even if it’s from mommy (mommy doesn’t always know best). Even if it’s from a trusted colleague and the attachment is important, make sure you run it through an updated anti-virus software (you do have one, don’t you?) before downloading it. Delete any kind of e-mail that claims to be from a Prince of the island of Dr. Bunco, whose father had just passed away and left him an inheritance worth billions but because he needs a certain amount of money to release the inheritance, he’s now writing to you for help (don’t even ask how the ‘prince’ got your e-mail) and as a reward for your help, he’ll split the inheritance with you 70/30 in your favor.

Install a firewall in your PC and setup your browser’s privacy settings to maintain a certain level of security while surfing the web. E-mails that purport to be from a certain bank or an e-commerce site, warning you of an overdue bill or unsettled payment, should always be viewed with caution. If you’re requested to click on that link and fill out your personal information, DON’T.

Always, always, fire up a new web browser, physically type in the organization’s URL in your browser and find if such a page exist; similar to the one in your e-mail. If you’re still unsure, pick up the phone and call the organization in question. You’re bound to get the truth by then. Which, leads me to what I really wanted to share with you; making a safe transaction online.

If you’d been online for any amount of time, you’ll probably testify to the speed and convenience of making bill payments via the web, convenience of shopping at your favorite online store or simply, conducting a quick business transaction via sites such as Paypal. And as I mentioned above, phishers have mastered the art of spoofing e-commerce sites to the point where unsuspecting users are blindly sucked into divulging personal information they would never usually give up, even to their spouses.

Here’s what you need to do to protect yourself. Let’s say you’re shopping at GAP. You’ve chosen the product and GAP now takes you to a page to fill in your particulars. This is usually the first step of four or five in an e-commerce buying process. This is the time to look-out for a few minor, but important details. 

Two items in your browser which are fairly obvious to spot are, the URL of the site you’re on and the closed padlock. Ensure ‘http:‘ is now ‘https:‘. The padlock should also be closed. Both items are almost the first things to look-out for before divulging any of your personal information.

 Screenshot 2

However, these are not foolproof methods for verifying if a site is encrypted. The variation of authentication certificates today makes it quite easy for phishers to get hold of one and mimic a bank’s or e-commerce site. Frightfully enough, you will hardly be able to tell the difference.

Hence, using the closed padlock as a gauge to determine authenticity of a site, can sometimes be almost self-deceiving, but nonetheless, still a necessary feature to check on. Certain browsers also change the color of the address bar when you’re viewing an encrypted site. Firefox for example, changes the color of its address bar from plain white to yellow when it displays an encrypted site.

 Screenshot 3

Alarm bells should go off if you’re warned of an expired certificate. That’s a clear indication that you should stop any form of transaction, immediately.

Comodo, one of the world’s largest certification authorities, offers a free download called a ‘Verification Engine‘ that gives you the opportunity to verify the site that you’re visiting is a trusted one. I think that adds to some peace of mind and is definitely worth a download if you’re unsure about your ability to verify trusted sites.

Finally, another precautionary measure to ensure that you’re not being taken for a ride, is to visit PhishTank. A site true to its name, PhishTank is a clearing house for information about phishing on the Internet.

 Screenshot 4

Apart from using Comodo’s Verification Engine, you can reassure yourself even further by checking against PhishTank’s database. If you happen to come across a phishing site, you can add that to the database and support the cause for reeling in these phishers and serving them on a platter. A site such as PhishTank can only truly be kept up-to-date if users everywhere collaborate on fishing out these foul-smelling phishers.

Hope, you’re now more confident of taking on the dangers the dark-side of the web might throw at you. If we keep ourselves and others educated on how to stop being victims and start being collaborators to keep the web safe, not only for ourselves, but for the kids who are so much more susceptible to scams, we can truly make our stay in digital country a blissful one.



One Response to “How To Transact Safely Online While Fly Phishing In A Tank”


  1. 1 I See Dead Phish « ChalkTalk

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: