Gone Phishing

Hopefully we all know what phishing is. For those who don't, wikipedia states that it "is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication." Basically people try to send you authentic looking emails to try to trick you in to giving up your bank user name and password. Phishing attacks have become extremely prevalent in the last few years. But today I realized that these attacks have reached a new level.

What made me realize this? Well I have received phishing emails in the past, but they were always for the large banking institutions and, for some reason, they all seemed to be obvious forgeries. But today I received convincing email from a local credit union, UCCU, linking to a website that was asking me to log in to my account. I quickly realized that this was a phishing attack. While I still realized this was fraudulent, it was the first time I received such an attack from a local bank. This means that those who who facilitate these attacks (are they called phishers?) are getting smarter. They are targeting members of a small bank in a small community.

This means that we need to be educating everyone about these attacks. Everyone needs to know that their bank will never ask for their login information. I would even suggest that they do not even click on links in their emails. Type the internet addresses on your own. As phishers are getting smarter, we need to further educate the internet population about this problem.

Internet Protection

Right now I am working a lot on my senior project, which will be finished and presented next April. The project is essentially a parental control solution for those who want to limit their computer usage. Additionally I am fighting with spyware that has infiltrated my parents work computers. Their employees have been given unrestricted access to the systems, and that was a bad idea. Because of these two events in my life I have been thinking a lot about how to keep people safe from the internet.

There are a lot of solutions that can be applied to a system to help protect users from the muck that wants to hurt them and their computers. One that I just started to use is OpenDNS. OpenDNS provides filtered DNS servers that don't resolve common sites that contain pornography, spyware or are phishing sites. You also get detailed logs of internet activity. A secure way to implement this is to change the DNS settings in your router.

It is also important to have anti-spyware and anti-virus software installed and up to date. There are lots of free solutions including adaware and AVG. This helps keep your system clean.

Finally a big problem is letting the users have full administrative access. This is one thing that I am changing on the computers I support. Administrator accounts now have passwords and user accounts don't have admin rights. This helps prevent system settings from being changed and keeps unwanted software from being installed.

While this is not a comprehensive list, if these guidelines are followed you and your computer will be much more protected from the internet mucky muck.