The recent stir in high-profile security issues has got me real paranoid about my computer habits. Trying to secure myself from the marauding hordes of criminal hackers has always been a cat-and-mouse game. I just try to make sure that I have as much information as possible.

The issue of spam is still a really big one. Most of the time I get about 20-30 unsolicited emails, mostly harmless, but once in a while I get a piece of mail that gets past my safeguards and makes me worried for all my friends who are a little less cautious than I am.

So here are my golden rules for spam detection ... be suspicious if the email sent to you is not able to identify you by first and last name (or maybe your login ID). There should be sufficient hints in the email that let you know that the company emailing you knows enough about you to warrant your trust. For example, every email that I get from PayPal has my full name in the email, so I feel less suspicious that this is a random spamming campaign. When an email begins "Dear ," then this is a clear indication that I should treat the contents with a healthy dose of skepticism.

So I recently received an email from "NatWest" the bank, not the real one of course. Some unscrupulous rascal was attempting to masquerade as NatWest.

image 

Of course they wanted my banking details: account numbers, PIN, even my credit card information. Thankfully there has been significant adoption of layered security, which allows you to set up additional personal questions, and there are some sites that allow you to select personalized pictures that make your login experience uniquely identifiable.

image

So I noticed that when I opened up the phishing site in Firefox 3, I got no indication that it was a spoof site (as above). However, IE immediately let me know that the website was really a poorly disguised phishing attack (below) and warned me to go no further. I am not sure what mechanism keeps track of phishing sites, but Firefox was a little slow on this one.

image

Banks never want you to update security information by email and in fact go to great lengths to only use emails for account-related alerts and/or marketing. The easy-to-use golden rule I have established for my wife and me is to always use our predefined browser favorites to browse to our financial/sensitive information. If there is a legitimate need to ask me to update my details, it will have to start and end at our favorites list.
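
The two rules above (a greeting that names you, and links that only count if they lead to a host already in your favorites) can be written as a small mail check. This is an added example, not part of the original post; the name, login ID, hosts and message text are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Constructed sample: the name, login ID, hosts and wording are invented for this example.
IDENTIFIERS = ["Jane Doe", "jdoe42"]              # full name or login ID the real sender knows
FAVORITES = {"bank.example", "www.bank.example"}  # hosts saved in the browser favorites
SAMPLE = """\
From: "Online Banking" <alerts@bank.example>
To: jane.doe@mail.example
Subject: Please update your security details
Content-Type: text/plain; charset=utf-8

Dear ,

We need you to confirm your account number and PIN at
http://bank.example.verify-login.test/update within 24 hours.
"""

def plain_body(raw):
    """Return the text/plain body of a raw message, or '' if it has none."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def greeting_names_recipient(body, identifiers):
    """True if the first non-blank line contains the full name or login ID."""
    first = next((ln for ln in body.splitlines() if ln.strip()), "").lower()
    return any(ident.lower() in first for ident in identifiers)

def hosts_outside_favorites(body, favorites):
    """Sorted link hosts that do not exactly match a favorites entry."""
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    hosts = {(urlsplit(u).hostname or "").lower() for u in urls}
    return sorted(h for h in hosts if h and h not in favorites)

def review(raw, identifiers, favorites):
    """List the reasons to distrust the message under the two rules."""
    body = plain_body(raw)
    reasons = []
    if not greeting_names_recipient(body, identifiers):
        reasons.append("greeting does not name the recipient")
    for host in hosts_outside_favorites(body, favorites):
        reasons.append("link host not in favorites: " + host)
    return reasons

if __name__ == "__main__":
    for reason in review(SAMPLE, IDENTIFIERS, FAVORITES):
        print(reason)
```

The host comparison is an exact match on purpose: a link whose host merely starts with the bank's name is still reported, because it is not the entry saved in the favorites.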

DISCLAIMER: Please do not follow any of the links in the images I show; I am quite certain that they are meant to hurt honest, hard-working people like you and me. Also, due to the nature of the post, I feel the need to reiterate that all the content I post on my site constitutes my own opinion and is not a reflection of my employer or any of their policies.