It all started with a web site owner receiving an e-mail from an unhappy client informing him that the anti-phishing scanner of Internet Explorer RC1 detected his site as a possible fraudulent web site. When Internet Explorer detects a possible fraudulent site, it warns the user not to enter any personal or sensitive information on the specific site in question. This means that if your site gets detected as a phishing site, you will most certainly lose clients because no one will want to trust you (of course not the actual owners of the sites you’ve been warned about!).
But this is all wrong according to Wikipedia’s definition of a phishing site:
“A phishing site is a website that misrepresents the true identity of the site it is trying to fool users into entering. Phishing is an example of a man-in-the-middle attack, where a malicious website disguised as a legitimate one is used to commit a fraudulent transaction with users. These types of attacks are common on social networking sites, such as Facebook and MySpace. Phishing is typically carried out by placing one or more phishing sites on a user’s computer, which when visited, triggers a search for other computers on the same network, and thus begins the process of attempting to steal passwords and other sensitive information.”
How could one even think about clicking a link like that? But lots of people, maybe even most of the people who read this article, might actually be thinking along these lines: “I knew a guy who got his credit card number stolen online. He was definitely not a security expert!” Let me correct this misconception right now and I promise you’ll see a lot less of these types of incidents in the future. Before I correct this misconception, let me first explain to you what really happens when you get ‘phished’.
When you get ‘phished’, it basically means that someone sends you an e-mail (or more precisely, a fake e-mail) that appears to originate from a legitimate company. Once you click on the link, however, you are taken to a web site that looks identical to the genuine web site of the company. And depending on the genius behind the fake e-mail, you’ll be asked to confirm account details, or preferences. If you’re an online shopper, and you’ve got doubts about the source of the e-mail, which institution is to blame, is where the fraud stops, because inevitably they will always blame us. In reality, the web site is never going to tell you that your account has been misused; it’s going to impersonate a bank, a credit card company or an e-commerce site. These web sites have all got nothing to do with each other.
It takes seconds to check, and it’s a good idea to write down all your bank’s details, just in case you forget to do it. It’s worse if they send you the details by e-mail. That’s just plain asking for trouble. Remember: If it’s too good to be true, it probably is.
Share the knowledge.
Let’s face it, no one really knows what goes on behind the scenes at some of the big banks. Maybe their systems are hacked, maybe there is a limit on how much they can refund each month, maybe they’ve got a live person answering customer questions on the phone, and if you get a refund for money that you didn’t earn, who needs a guarantee? From experience, I’ve found that most people wait until they’ve run up expenses enough to brave the risk. Then, two or three weeks later, they send out their credit card statement and find major discrepancy after major discrepancy. Ahhh…!
What happened? Well, most probably, they were taken. Dishonest, downright dishonest. These people, once rich, are now struggling to pay back everyone who gave them money. Suddenly, they have very little in the bank account to cover people’s bills. They are just trying to make ends meet.
Can this happen to you? Maybe. It’s happened to me.