麻豆官网首页入口

IMO, you need to pass an exam before you go on the internet and use it.

Good post Maggie, no really. It's scary to think how many people sleepwalk into these kind of scams (The head of the FBI no less!). A lot more mainstream publicity about the dangers and how the average user can protect themselves is needed.

I had an idea for an extra layer of protection, it won't stop people falling for phishing scams but it will hopefully reduce them. Instead of the username & password on one page as it is now, have 2 pages.

1st page is when you enter your username, it then either takes you to a page in which you can enter your password underneath a known picture/phrase or if it can't match your IP address up-to your history it prompts you to enter an answer to a personal question before taking you to the password screen.

It's scary to see how many people sleepwalk into giving their personal details away, just look at facespace!

I'm one of the people who got their Hotmail hacked, and I can let you know there was no phishing scam. I never follow links from anyone and always type the site address of my bank etc into the browser instead.

The hacker then had access to my secondary email in my profile, which explains the Gmail, Yahoo etc addresses also being available. My eBay was hacked and my Livejournal blog, too. Fortunately, I had immediately cancelled my bank cards so financially I wasn't hit, and the guys at eBay etc were really helpful.

The idea that this was a phishing scam is sheer nonsense and a way for the people at Microsoft to avoid responsibility by declaring 'user error'.

Nice Post.
How many of us go "tut tut" when someone we know gets pickpocketed..robbed in the street and assume that it will never happen to us? We all do.
The same applies online and it is important that we are all educated about the possible threats in the same way we all hark on about not leaving wallets in back pockets when on holiday

I have been working in It now for several years and consider myself to rather savvy to these scams etc but i myself got caught out once. Not exactly a phishing scam - rather a spam email but along similar lines.

I was on holiday in Spain and was checking me emails with my girlfriend sat next to me - i saw an email saying "Hi xxxx it's xxxx from Utah. I'm finally coming to the UK to see you. Now we can meet in meet in person. Message me back xxx" or something along those lines. The girlfriend went mad and thought i'd been talking to girls on messenger services so, like a dumbass, i replied to the email saying "Sorry i don't know you". Tow days later i checked my email and there was 302 spam emails in my inbox - messages from credit card companies banks etc.

Even for people who are 'in the know' sometimes it's possible to get unwittingly dragged into thses scams.......

It really isn't difficult to pick out phishing emails - in most cases there are some GLARINGLY obvious clues that what you're reading is nothing more than an attempt to scam you. You really do have to be seriously lacking in common sense to get caught out.

Firstly, no matter what the circumstances, any organization of repute (your bank, Amazon, eBay, PayPal, whoever) will NEVER email you asking you to 'confirm' or 'verify' your password. If they need legitimate access to your account then they have much easier methods at their disposal, which does not involve contacting you.

Secondly, in many cases, the email presents a link to an apparently valid website (which is actually nothing more than a front-end to a script that harvests usernames/passwords) - at first glance, the URL presented in the email may look valid (for example, www.yourbank.co.uk/verifypassword), but if you hover over the link in your email client, you'll notice that the actual URL it directs you to is completely different; it might be a throwaway domain, or even just the IP address of the phishing scammer's webserver.

As a rule of thumb; if you recieve any suspicious messages that appear to come from your bank, or your credit card company, or your long lost uncle from Nigeria who wants you to wire a couple of grand of good faith money to an offshore bank account in order for you to inherit the family fortune...mark the message as junk (or 'phishing scam', if possible) in your client, then delete it.

Simple.

Step 1
Install and use an email program that comes from a different supplier to your operating system.

Step 2
As your default, view all your emails in text-only mode. The scams will be much more obvious; and you can then view any messages that have other content when you know they are safe. And what does HTML add to emails anyway? It is a text medium.

@7 and 8,
All good points, however, having worked in tech support before, I can assure you that half the problem here is that those most likely to get caught out by these scams are people who don't understand what an operating system is, or an email client, or a web browser, and have no clue what a URL or IP address is. To them, they click the blue-circular button for the internet, and the envelope for email. They certainly don't have a clue how to set up their email client to disable HTML.

Therein lies the problem - too many clueless people on the internet. While some will benefit from education - an ECDL course or something similar may at least vaguely help them get up to speed, many of them are too far beyond help, and ought to be banned from the internet for their own financial safety.

"9. At 5:08pm on 09 Oct 2009, IRcutekitten wrote:

@7 and 8,
All good points, however, having worked in tech support before, I can assure you that half the problem here is that those most likely to get caught out by these scams are people who don't understand what an operating system is, or an email client, or a web browser, and have no clue what a URL or IP address is. To them, they click the blue-circular button for the internet, and the envelope for email. They certainly don't have a clue how to set up their email client to disable HTML.

Therein lies the problem - too many clueless people on the internet. While some will benefit from education - an ECDL course or something similar may at least vaguely help them get up to speed, many of them are too far beyond help, and ought to be banned from the internet for their own financial safety."

Couldn't agree more.

And if the FBI are falling for "phishing scams" then one has to wonder about the credibility of the FBI.

I for one am sick of seeing such scams put into practice, if people took the time to learn a bit more about computing they would hopefully be a little more wiser and take the proper measures thus stopping the large majority of such scams in their tracks.

The majority of scams rely on peoples gullibility, and the fact they affect so many speaks volumes about our society...

Apart from the 419 scams where there is a separate money transfer where the punter actively engages in being scammed, in almost every other case of online fraud, there needs to be a direct relationship between the victims bank and the scammers bank. Educating the semi IT literate is almost certainly too much of a challenge, but focusing on the banks, perhaps using better IT to manage patterns or horror of horrors, engaging and working with their customers would certainly eliminate a lot of fraud. Also pressing the banks to not deal with scammy operators.

If I am taken in by a boiler room scam, that scammer would need a bank account, card processing, perhaps even an 0800 number! In being taken in by the fraud, I would then rely on my bank transferring large amounts of money (an extraordinary activity) to a dodgy account. Of course the banks will say this is just not possible to manage, but if I go to my bank and try to change 拢200 into foreign currency I will be questioned and perhaps the transfer will be refused, contrarily, if I (or somebody proposing to be me) sets up a transfer of all my money to an account in Russia, it is likely to succeed!

If it looks to good to be true it probably is. If people want your details, they don't know you. Don't give them your bank account.

Lets not forget, phishing is not just a phenomenon affecting email, it also includes a whole raft of 'social engineering' which can be used to collect personal information. Banks for instance, still make unsolicited calls to customers from call centres and open the conversation with 'for security purposes, can you tell us xxx personal information'. Generally people seem to respond, especially to banks, by providing information but what if the call is not actually from a bank? The victim has now handed over information which could be used by the unscrupilous to build up a dossier which could then be used elsewhere including emails. I personally always to give out such information on calls which I have not initiated, but of course, this does not go down well with banks. Until we can change the practices of banks, what hope have we of changing peoples hearts and minds to deal with email phishing

As a timely postscript to my original post which should have said "I personally always refuse to give out such information", I had a call from a bank this evening in which the usual information was requested. What made this one so interesting was just how angry the woman from the call centre sounded when I asked for a number to call back to (which verified on the internet). In this information age, banks really need to give some thought to

Phnuff, good idea that when you get a phone call from a 'bank' asking you to confirm some personal details, getting a confirmed number to call them back to be safe. If they are geniune they won't mind (although chances are that they were phoning to offer you a 'great' promotional deal they currently have on for loans/credit cards/cheese etc)

The biggest problem is that Paypal and Banks etc. don't digitally sign their e-mails, so you can't tell the difference between real messages and fakes, except by carefully examining the content yourself and looking for clues.

Sometimes the genuine messages have clues in them that make you think they probably aren't genuine - e.g. I've seen messages from banks that have linked to marketing companies that count the number of times a link is clicked on, rather than linking directly to the bank.

A public service campaign about personal computer security would be a great way to teach security fundamentals that are immediately useful to everyone. Celebrities could give sound bites like "... this is how I got phished..." or testimonials from a public figure could be used to help underscore the widespread reach and primary methods of computer attacks. Detailed information about how to improve web and online surfing security from security experts can educate people about how to develop a security protocol. The basic points that are worthwhile to share with friends and family about computer security include; 1) Keeping computers scanned for parasites; and 2) Changing social network login and online email passwords frequently.

@Kite09 - So you bank with Alliance & Leicester then? Don't go trying to pass off systems that are already in place as your own idea! It just makes you look stupid.

Did I say it was my own idea?

I don't have internet banking, so I can be certain that any phishing emails are phishing. But surely if my bank wanted to get in touch with me they would either write a letter or put a message on the screen once I had logged in. One thing they wouldn't do is send an email!

Perhaps banks should put a large message on their landing page saying that they don't send emails, and if it looks like they have then it's a fake. Would that make any difference in educating users?

On the rare occasion when I have answered a phone call which was probably from a bank (0845 numbers go to the answerphone usually) I've never confirmed any details. I explain to the person on the other end that I've no idea who they are and I won't give any personal information to them, whereupon they do get quite cross. All good fun.

Andrew

Kite09 you wrote, 'I had an idea for an extra layer of protection' - of course you were trying to pass it off as your own idea. Keep digging.