"New Phishing Trick
Phishing schemes are all about deception, and recently some clever
phishers have added a new layer of subterfuge called the secure phish.
It uses the padlock icon indicating that your browser has established a
secure connection to a Web site to lull you into a false sense of
security. According to Internet security company SurfControl, phishers
have begun to outfit their counterfeit sites with self-generated Secure
Sockets Layer certificates. To distinguish an imposter from the genuine
article, you should carefully scan the security certificate prompt for
a reference to either "a self-issued certificate" or "an unknown
certificate authority.""

Bruce doesn’t think users will check certificates

Great review though, Greg.

Thanks.

> In the quoted paragraph you mentioned Phishing, but only briefly.
> That’s probably the most important topic you didn’t cover.

Well, it was getting pretty long. I want to do a couple of
additional installments — the next will deal with more specific
threats, like phishing. I totally agree. Don’t click on email links!

g.

>What I’ve outlined above is a manageable strategy for protecting
>yourself online. I know I didn’t cover all the bases, but hopefully I
>at least got you thinking about it. My approach may not work for
>you, but try to think of one that does! We all like to think we’re
>smart enough not to fall for the latest greatest phishing scheme, or
>get infected with the latest worm, but in reality, we’re not…so if
>you take a few steps such as I’ve described you can at least decrease
>your exposure to severe harm.

Excellent recommendations all, Greg!

In the quoted paragraph you mentioned Phishing, but only briefly.
That’s probably the most important topic you didn’t cover.

My brother is an eBay afficianado, and recently received an email
phishing for his password. It looked, acted, and felt exactly like a
real email from eBay. It even included the line that says, “we’ve
included your official ebay username so that you know this is really
from us.” He realized, just in time, that his username wasn’t actually
there (they said it was, but it wasn’t.)

My point is just that phishing is the number one way for people to
steal your passwords. If you get an email from a financial institution
with whom you do business, do NOT click any links. There’s a very good
chance you’ll end up at a website with a URL similar to your bank’s,
and which look’s identical to your bank, but is actually being run by
thieves.

That’s the whole tip, in fact. Just don’t click the links! Use your
bookmarks, or type in the bank’s (or ebay’s, or paypal’s, or whatever)
url.

My wife works for a super-tiny bank here in SE Connecticut. The
big-dogs in the industry do more business in an hour than this bank
does all year… yet we’ve both received phishy emails from scammers
who set up a clone site. (This really freaked out the bank officers, as
they were hoping they’d be safe because of their miniscule size.)

Seth