By hook or by crook
Roy Johnson
Phishing is a major trend among the many bad things that can happen online, but it is poorly understood by end users.
Properly speaking, phishing is a "social engineering" attack on a user – not an automated hack of files or a machine – designed to get them to give up their personal details. Typically, phishing attempts will try to get ID numbers and bank account details, including PINs and passwords. Once the bad guys get this information, they own your identity and can empty your accounts.
To put it in geek/gamer terms, you have been "pwned".
It's called social engineering because it depends on conning the user into giving over information that they would never normally (one assumes!) dispense to a stranger. The usual approach is an official-looking e-mail on a bank letterhead that asks you to "verify" or "confirm" your banking details for some spurious reason like a "security upgrade".
Needless to say, banks never do this. Any bank whose systems were so amateurish and shaky would not be a place you would want to keep your money.
Surprisingly, some people fall for it. They reply with their details and their accounts get emptied. Financial institutions don't like to go public with the losses involved – for obvious reasons – but analysts say that tens of millions are stolen locally every year like this. And that's a lot of money for a small country with a relatively small per-capita internet usage.
Internationally, overall malware and related activities – including spamming, 419 scams, phishing and taking over other people's machines – rank right up there with drug and human trafficking as a multibillion-dollar industry.
Yes – an industry. Bad stuff online used to be just clever viruses and hacking – mainly a lot of geeks showing off just how clever they are. Today, it is organised crime operators who employ geeks to do this, because it is easy money when it works.
What can you do about it? Firstly, always be suspicious – in fact, paranoia might be a better position. If something looks like it comes from your bank, don't assume it really does. If it asks for personal, confidential details, you can be sure it doesn't. If you get an e-mail from friends or family members asking similar questions, don't believe that either. Once a machine has been infected with modern viruses, that user's address book is probably in the hands of the crooks and it is easy for them to spoof a mail that looks like it comes from your brother.
Phishing depends on user input – just don't answer questions of this nature. The Delete key comes in handy here. Also, report the incident to the bank whose name is used and to your ISP. Any ISP runs a standard e-mail address of the format abuse@(ISP name).(domain). The more people report this stuff, the faster the phishing operation gets traced and shut down.
And, just to get you really worried, remember that e-mail isn't the only way to go phishing. This can also be done by SMS or even a direct voice call.
In this case, silence really is golden. If you get "pwned", you won't have any gold left.