Phish or spam?

It seems that “phishing” has replaced “spam” (or spamming) as the preferred method of tricking the unsuspecting public into parting with their hard-earned cash, according to a survey carried out by PC security company Symantec. See the full article here: http://www.symantec.com/connect/blogs/phish-tastes-better-spam

So what’s the difference? Well, both of these techniques involve sending out large numbers of emails to either pre-compiled or sometimes just randomly generated email lists. The difference lies in the content of the emails. A typical spam mail might contain a link to a sales website and will try to get the recipient to buy a product (typical examples include watches, medication and qualifications). The recipient would then enter their bank details, and the price of the product they were trying to buy would be taken from their account. Another classic example of spam email was the infamous Nigerian advance-fee fraud scam.

Phishing, though, might be considered an evolution of spam and is perhaps more devious. A typical example of a phishing email would look almost identical, and appear to come from a reputable high street bank or other well-known financial organisation. It would try to get the recipient to part with (typically) online banking information, or other private information pertaining to the apparent organisation. Falling foul of this kind of hack is potentially extremely costly because, instead of losing just a set amount of money, the victim could give an attacker access to the entire funds in the hacked account.

What can you do to help protect yourself? There are numerous things you can do: some of them are technical and some of them are common sense practices.

Technically, you should always keep your operating system up to date with OS vendor updates. For Windows users, go to the Start menu, (All) Programs, select “Windows Updates” and follow the on-screen instructions. For Mac OS X users, go to the Apple menu and select “Software Update…”, then follow the on-screen instructions. You should always run some kind of antivirus program and, most importantly, keep it up to date. There are decent free programs currently available for both Windows and Mac, for example Microsoft Security Essentials for Windows and ClamXav for Mac. Finally, if your OS has a built-in firewall, you should make sure that it is enabled for your network connection. For Windows this can be enabled in the Control Panel (Windows Firewall), and for Mac OS X 10.6 and later go to System Preferences, Security, Firewall (toggle on/off from here). Following these steps will reduce the likelihood that you will accidentally run malicious content on your computer and reduce the number of malware applications able to run on your computer.

Common sense practices are quite simple. Firstly, never follow any links from an email if you have any doubt whatsoever that the email is fishy (phishy). If you appear to have been sent an email from an organisation you have no affiliation with (for example, if you bank with LloydsTSB and you have been sent an email from HSBC saying there is a problem with your account), then you can be sure that this is a phishing attempt. If you are in any doubt, DO NOT follow any links in the email; phone the organisation instead. Finally, and most important of all, a legitimate organisation will NEVER ask you for your passwords, whether in an email, on a website or over the phone, so you should NEVER divulge this information to anyone. Period.

For further reading follow these links.
