Current User: Guest · Login
A Low Tech Way to Outsmart Phishing Attacks?
Posted: Jun 13 2007, 04:11 PM
I've been trying to give pointers to some less technically sophisticated email users about how to figure out if a request for information is real or if it's a phishing attack designed to steal your identity when you comply with a request to update your information. It used to be very easy to spot a phishing attack, but now there are some that even make me pause for a minute before I start getting suspicious.
Something finally hit me. I don't know how solid of an approach this is, but it seems to make sense. Maybe someone who knows a lot about phishing can add a few cents. You can outsmart most phishing attacks, perhaps nearly all of them just by waiting a few days. I'm surprised I haven't heard this mentioned much.
It's simple. Just wait a few days before you respond. Phishers rarely use their own servers and the servers they use to steal information tend to get shut down within a few days if not sooner. They typically have a short window of opportunity to fool you, which is probably the reason why phishing scams often tell you that you must update your info ASAP. If something is really that urgent, you better be picking up the phone.
I see some possible holes to this low tech technique though. If phishers develop a more stealthy way of launching phishing attacks, it may take longer than a few days to shut down a server that's being used to steal identities.
Something finally hit me. I don't know how solid of an approach this is, but it seems to make sense. Maybe someone who knows a lot about phishing can add a few cents. You can outsmart most phishing attacks, perhaps nearly all of them just by waiting a few days. I'm surprised I haven't heard this mentioned much.
It's simple. Just wait a few days before you respond. Phishers rarely use their own servers and the servers they use to steal information tend to get shut down within a few days if not sooner. They typically have a short window of opportunity to fool you, which is probably the reason why phishing scams often tell you that you must update your info ASAP. If something is really that urgent, you better be picking up the phone.
I see some possible holes to this low tech technique though. If phishers develop a more stealthy way of launching phishing attacks, it may take longer than a few days to shut down a server that's being used to steal identities.
Posted: Jun 13 2007, 05:31 PM
My advice -- that I have read -- is not to respond to these emails. Not using the link, anyways...
Best thing would be to close the email, access the site in your usual method -- and then do what needs to be done, if anything.
Best thing would be to close the email, access the site in your usual method -- and then do what needs to be done, if anything.
Posted: Jun 18 2007, 12:17 PM
Never respond to an unsolicited email. And don't EVER give out your personal information such as password, credit card numbers, or bank account numbers to anyone who emails you and says they need it ASAP. Your bank and others will never ask for your password.
