More phishing this weekend, as always. Apparently, the arrests of a suspected phishing group this past week in Germany didn’t net much of the phishing crime scene. This email bait arrived on Saturday, and appears to be much better designed than past emails. Little misspellings and giveaways can clue a reader in to fraud, however.
Let’s give this one a closer look, and pick out a few of the giveaways. The return addresses at “bankofamerica.com” usually are spelled correctly (outlined in red below), instead of the “bankoffamerica.com” below. Banks don’t use hyperlinks that include funny little ip addresses in the URL, or convuluted or misspelled words (unfortunately, the bank targeted in this example may send emails to their customers with hyperlinks to bankofamerica.com). Also, I believe the bank never contacts their customers with these sorts of security issues in this manner over email.
If you are using gmail and receive this kind of fraudulent mail, you can report it to have the site investigated. Click on the little blue arrow in the upper right hand corner of the message. A drop down menu appears, with the “Report phishing” option (outlined in red below). You can select this option to report the site to the appropriate handlers. Click on the image below to enlarge it:
Treatfire is very cool.
I use it with Dr.Web antivirus on my Vista.
Do U think it is enough ?
Can I need a firewall ?
Can TreahFire monitor my system’s network activities ?
Thanks!
Hi Wao,
Thanks so much for the comments.
Threatfire, when combined with a good av solution, will help provide effective layered security. While you may be using Dr Web, you also could check out PCTools AV for free here:
http://www.pctools.com/free-antivirus. We like it when you use PC Tools products!
Yes, using a firewall is always recommended. You are using Vista, so your system has one by default, but you can find one here with a different set of functionality and additional features at http://www.pctools.com/firewall.
Your question is an interesting one. Attacks on windows network-aware system services have been trending downward (partly because users have been installing firewalls, like the free one at the pctools site), but it’s very important to continue using them to prevent these sorts of attacks. We still see packets arriving at our servers from years-old worms like codered because some administrators still fail to patch their windows systems and use firewalls.
Finally, yes, Threatfire can monitor network activities, but it currently does so in a limited manner. For example, if your system suddenly starts sending email (or spam), Threatfire will attempt to identify if the behavior is malicious or something that you really meant to perform.
Ok
Just try …
Thanks!