They are out there and they do want to become you; at least, temporarily. There are several methods used by online fraudsters (for lack of a better collective term). These methods are termed; phishing, pharming, and down-n-dirty espionage. Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent.
Espionage has several old hang ins from the spy days with updated tactics to take advantage of shifts in technology.
Let's look a little closer at Phishing. The latest e-mail you just received about your amazon account being out of date and needing to be updated should do. First, Phishing has evolved well beyond the limits of traditional spam. You should notice that the writing is polished. (Yep, they finally mastered that tricky spelling and grammar checking doodad in their mail program.) They even pay attention to the little details such as pointing you to their customer service page and including common mailer images as well as the company logo. The clincher is the web address that is included. Click on the link and look at the web page it loads. (Don't fill in ANY personal data.) By looking at the anatomy of this carefully constructed page, you should be able to discern a legitimate login page from an impostor. Notice the address bar. A login page will point to a secure (https://) area of their domain (www.onlinecompany.com) while an impostor could use a secure or unsecure (http://) port and will likely point to (www.someWEBhost.com/www.legitimatevendor.com). The area before the slash (/) is your tip-off. As a rule, always go to the vendor from their own main page by typing the URL (web address) in by hand. You can then use the login link to access your account.
Pharming has also been termed 'phishing without a lure'. This is because some nefarious programmer has gone to the ultimate low and bundled extra code into that free utility, game, or other cool application that is now a free download. Such code can lead to popup windows claiming that your identity has been stolen and to click the link to fill out a form in order to report the incident. These forms then collect your data. The most common occurrence of such software; however, is to redirect requested addresses of well known online sites such as e-bay, amazon, or pay-pal to a false login page that will collect the login information and e-mail it to the attacker or store it into a database somewhere. There are three practices to prevent this type of behavior. When downloading a new program to try, do it on a test system first. Use the address checks listed for Phishing and try to visit www.amazon.com ; www.ebay.com ; www.paypal.com . The addresses that you should get for logging in should contain the following prefixes :
https://www.amazon.com/
https://signin.ebay.com
https ://www.paypal.com/
After you have verified that the software is safe, you may install it to a regular system. Utilities that can be particularly useful in the capture and removal of such malware are Lavasoft's ad-aware software (www.lavasoftusa.com) and spybot search and destroy (http://www.spybot.info/). Another particularly good source of antispyware/adware utilities is http://www.spywareinfo.com/~merijn/index.php . I highly recommend the use of hijackthis and startuplist. The first gives you a detailed account of your system's running state as well as what programs have tied themselves to your bowser while the second lists all programs set to start when you login to the computer. This is provided in one easy to manage screen with an indication of what is malicious and can be checked to disable.
Espionage is defined as the practice of obtaining secrets (spying) from rivals or enemies for military, political, or economic advantage. It is usually thought of as part of an organized effort (i.e., governmental or corporate)'. This can take effect through the careful application of social engineering techniques as well as employing current technological advances. Social engineering is the art of getting someone to provide as much information as possible without giving them anything that can be used against the attacker. Fake phone solicitations are common as are the lost repairman, the delayed messenger/delivery guy, or the friend who was asked to drop by. Keyloggers (hardware and software varieties are available) are a popular tools that log anything typed from the keyboard and can e-mail a log or store the data for later retrieval. They can capture usernames and passwords as well as account details and which web site or bank they belong to. Trojan viruses allow one to remotely access a computer. Trojans (named after the famous Greek gift left outside the gates during the battle of Troy) usually include keylogging as well as the ability to activate peripheral devices such as the printer and web camera. It is not uncommon for an attacker to get a look at the operator of the compromised system.
If you feel particularly paranoid now, that is great. Caution leads to a desire to learn more and to not freely give away your rights and privacy. If there are terms in here that do not make sense yet, put them into a search engine and compare the results of at least five sites to make sure you have a clear idea of the term.
* Phishing
http://searchsecurity.techtarget.com/sDefini tion/0 ,290660,sid14_gci916037,00.html
* Pharming
http://searchsecurity.techtarget.com/sDefini tion/0 ,290660,sid14_gci1097059,00.html