
Preventing on-line identity theft


Roderick

Posted

In a world where we do more and more transactions on-line we increase the risks of being caught out with a look-alike login.

There is quite a simple and, I believe, effective trick to avoid sharing your details with the rest of the world: when in doubt, use an incorrect password. If the site knocks you back then you can be fairly sure it is legit because it was checked against a reference point. If the site accepts it then you know it is a fake and back away quickly. And you'll have the enjoyment that some crook somewhere will be spending hours to make the password work on an account B-)

Posted

A phishing site will generally reject whichever login details you give it (and a smart one will transparently redirect you to the legitimate site), so that you assume you've made a typo entering your password and try again - with success. It's the only thing they can do really, it's not as if they can spoof the functionality of the legitimate site you're trying to log in to, so any attempt to do anything else would ring alarm bells with any sensible user.

 

Good idea, but may not be as obviously successful as you hope (although it will prevent you giving your password to a fake page which then redirects you to the legitimate page - but you may not realise it).

Posted

I think the best advice is to rely on typing the website address directly into the browser and never click from an email *ever* or rely on directs from other sites unless you are 100% confident in the site (such as the bank). Even typing the address directly relies on you getting the address 100% correct; it's easy to put .com or .co.uk when it should be the other way round.

It staggers me how many people don't know how to visit a web site and type something similar to what they want into good old Google, relying on the fact that Google, like Apple, is a good mate, a member of the close family and can do no wrong and would never ever expose you to anything remotely unpleasant or do anything behind your back, or do anything without your knowledge or full consent. :rolleyes:

Posted

Google is extremely good at spotting phishing and keeping them out of search results. They also insert a warning page between results and the site if they think it's infected with malware or doing drive-by downloads.

Browser extensions like Web of Trust can be handy as well, but tend to take a while to catch up with new phishing sites.

Posted

I recently had a convincing phishing scam come through on my iPad and rather disturbingly there was no obvious way to check that the provided link was actually real, unlike on browsers where the actual link URL pops up when you hover over the fake link. I followed the suspect link out of curiosity and the fake landing page looked authentic with no clues as to its real location.

Checking it later on a PC it was obviously a phishing scam.

Posted

Even typing the address in manually can be hijacked by malware editing your Windows hosts file....

Or your DNS Server Address, or a number of other things. I've seen a situation where a compromised PC was acting as a local DNS Server, registering itself as such on the Router which then meant every machine on the network used this compromised DNS Server and just fell back to an external one when the PC was off.

 

Josh
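
A defensive check for the hosts-file tampering mentioned in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports entries that point a real domain name at a non-loopback address. The names `audit_hosts`, `SAMPLE_HOSTS` and `watchlist` are hypothetical, and the sample file content is constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file; the names and addresses are
# made up for this example (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # sinkhole added by an ad blocker
203.0.113.45    www.examplebank.co.uk examplebank.co.uk
192.168.1.20    nas   # local device, single-label name
not-an-ip       broken.example.org
"""

def audit_hosts(text, watchlist=()):
    """Return findings for hosts entries that override normal DNS lookups.

    Each finding is (line_number, ip, hostname, severity). Severity is
    'high' when the name is on the caller's watchlist of login sites,
    otherwise 'review'. Loopback and unspecified targets (blocklist-style
    sinkholes) and single-label local names are not reported.
    """
    watch = {w.lower().rstrip(".") for w in watchlist}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP, so not a mapping line
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if "." not in host:
                continue
            on_watch = any(host == w or host.endswith("." + w) for w in watch)
            findings.append((lineno, str(ip), host, "high" if on_watch else "review"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watchlist=["examplebank.co.uk"]):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean default install normally yields no findings, so anything reported is worth explaining.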

Archived

This topic is now archived and is closed to further replies.
