More on Phishing epidemic

As a follow-up to yesterday's thought on phishing, I thought a quick review of how to check if a message is phishing or not might be useful.

  1. What is "phishing"? The best answer I found was this Google link
  2. What to look for? Well, links that ask for updates to personal information, accounts or memberships, et cetera.
  3. Check any links offered to see if they actually belong to the company purportedly asking for the information. In yesterday's email example, the link to turned out to be in other IP space.
  4. Still suspicious? Call the company. You may not get much, but most CS personnel will know if there is an ongoing campaign.
  5. Be suspicious of unsigned emails asking for personal information. Most legitimate organizations, and even individuals, digitally sign messages that can be authenticated via a root certificate.

One other thing: there's an interesting article in this month's ComputerWorld Canada on the subject of phishing that also discusses voice phishing. Worth going to ITworldcanada and entering 066017 in the Quicklinks box.