It is important to know that phishing is a criminal activity that
reaches us with great ease, almost every day, because it uses a typical
technique of social engineering. In simple terms, it is a technique used
to gain access to our personal or confidential information in order to
steal - no less - our identity by means of bogus emails, instant
messages or even phone calls. How do those who make phishing their core
business operate? In the first instance they copy the logo and graphics
of well-known institutional sites, which everyone trusts precisely
because they are recognizable.
For example, the logo of the Italian postal service, Poste Italiane, the
logo of a bank, or the logo of a company providing services at national
or regional level. Once they have appropriated the logo (by simply
copying the graphics), those who practice phishing send an email to a
very large number of people and ask - very politely, and always in order
to "warn" - for personal data such as a bank account number, a credit
card number, identification codes or, simply, one or more passwords.
Warning! In so doing, the attacker poses as our web provider or even as
the manager of a site on which we registered previously and in which we
have total confidence. And here is the trick, because we never suspect
that our bank, or the site that comments on the daily liturgy, could
trap us.
Indeed they do not; what deceives us is the "facade" of the mail we
receive, which always contains "important notices" that claim to resolve
situations or problems with our account or checking account, such as a
disproportionate charge, the termination of the account, or even a cash
offer or a prize. The email invites us to follow a link, clearly
highlighted in the message, so that the disputed charge is not debited
or so that we can regularize our position.
Unfortunately, the link provided does not lead to the official website
that the logo vouches for, but to a copy of the official site located on
a server controlled by the attacker. There, under the guise of a
confirmation or of authenticating to the site, our information is taken
and stored and then - more often than you think - used to purchase
goods, to transfer money or to serve as a bridge to subsequent attacks
on our privacy.
How to defend ourselves
The threat described above should not be taken lightly, because more and
more phishers add a link that goes to the real site of the institution
whose identity they have appropriated and, increasingly, even if we are
not cheated out of our assets, we unintentionally lend ourselves to
laundering money or dispersing it to other countries. Unfortunately,
under Italian legislation, lenders are not required to protect customers
from internet fraud, so they do not reimburse the sums that have been
improperly taken.
So, how do we defend ourselves? With absolute attention: never giving
out personal information in case of doubt; alerting our bank and
forwarding it the mail from the fake site; regularly checking the
transactions on the community's account statement (the people
responsible should do so); and using an SMS alert service when we spend
on the Internet.
Another immediate way to defend ourselves is to look for the padlock
icon, which indicates that a secure connection has been established. The
padlock only shows that the connection is encrypted, not that the site
is the genuine one, so the address itself must still be checked. We may
also use specific programs such as the Netcraft anti-phishing toolbar,
which alerts us when we visit an allegedly inauthentic site. Another
good defensive technique is to check whether the mail contains phrases
like: "We ask you to confirm the details of your account", "If we do not
receive a response within 48 hours your account will automatically be
closed", "Click on the link below to get access to the account" and so
on. There is always a generic "Dear Customer" and never our name. This
indication alone might be enough to make us suspicious.
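The warning signs listed above, together with the earlier point that the link does not lead to the official site, can be checked mechanically. The following Python code is an added example, not part of the original article: the phrases come from the article, while the function names, the sample message and the placeholder domains bank.example and bank.example.login.invalid are constructed, and the official domain is assumed to be known to the reader.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Pressure phrases quoted in the article, as lowercase fragments.
PRESSURE = ["confirm the details of your account", "within 48 hours",
            "click on the link below"]

class LinkCollector(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_official_site(host, official):
    # True only for the official domain itself or one of its subdomains.
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

def phishing_indicators(raw_mail, official_domain):
    """Return the list of warning signs found in one message."""
    msg = message_from_string(raw_mail)
    body = msg.get_payload()
    text = re.sub(r"\s+", " ", body).lower()
    found = [f"pressure phrase: {p}" for p in PRESSURE if p in text]
    if "dear customer" in text:
        found.append("generic greeting")
    links = LinkCollector()
    links.feed(body)
    for href in links.hrefs:
        host = urlparse(href).hostname
        if not on_official_site(host, official_domain):
            found.append(f"link leaves official site: {host}")
    return found

# Constructed sample message; both domains are placeholders.
SAMPLE = """From: "Example Bank" <service@bank.example>
Content-Type: text/html

<p>Dear Customer,</p>
<p>We ask you to confirm the details of your account. If we do not receive
a response within 48 hours your account will automatically be closed.</p>
<p><a href="http://bank.example.login.invalid/verify">Click on the link below</a></p>
"""

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE, "bank.example")))
```

The link in the sample begins with the bank's name but its host ends in a different domain, which is why the comparison is made on the end of the host name rather than on its beginning.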
An invasion of 'spam'
As for spam, who are the authors of unsolicited e-mailings? They are
classified as junk mailers, people who send real commercial
advertisements unsolicited by the receivers; as mail bombers, people who
send a tremendous amount of mail, clogging up our inbox and making us
lose a lot of time discarding it; as forgers, people who send messages
to others, inserting our e-mail addresses in the series; and finally as
nuisances, those who enjoy disturbing with good reason or none. Here
too: why? And how do we defend ourselves?
The reason is linked to the main purpose of spamming, which is
advertising, ranging from the most common and harmless business offers
to the illegal sale of pirated software, drugs to be taken without a
prescription or pornographic material, to requests for aid for
humanitarian or personal causes. It is especially on this last front
that we may be more sensitive and therefore more vulnerable. I remember
at least a dozen cases of religious, men and women, who have asked me
how to send aid to an alleged African seminarian in serious financial
difficulties that prevented him from continuing his studies and thus
forced him to give up the priesthood. I have kept the documentation of
these cases because of the finesse with which the mails were written,
interspersed with biblical quotations chosen for the purpose. That's the
Internet. We need to know it to defend ourselves.
The behavior of spammers is considered unacceptable. To defend
ourselves, we must not sign up on every site on the Net! Sometimes, to
download a beautiful photograph that could serve for the PowerPoint
presentation to the Confirmation students, we sign up - we are required
to do so, and then the photo is so evocative ... - and so we are
trapped. For months we receive a wide variety of spam without knowing
that our address was "sold" precisely by the site with the symbolic
pictures that we liked so much. I'm not saying that it is never
necessary to register to receive services; we simply do not need to
register on all the sites we visit! A tip? If we send a message to
newsgroups, it is good to use an anonymous remailer to avoid spamming.
What is it? Here's an example. One of my email addresses is
sisternet@multidea.it.
My anonymous remailer could be sis + te + r + net + I + @ mul
+ ti+ dea.it, with the addition of the note: "to get my address remove
all the plus signs." Doing so, we avoid being captured by a small piece
of software called a "spider" that sneaks into sites and collects
addresses for resale. The spider cannot catch us because it does not
understand the note: "to get my address remove all the plus signs."
Some email programs have filters to prevent spam from arriving. Never
respond to spam email! Doing so increases the arrival of more spam!
Spyware and anti-spyware
Called "malicious software", these programs have different functions,
from sending unsolicited advertising to using the information gathered
to steal our money. Unlike viruses, spyware does not spread
autonomously: it needs our intervention to be installed, and we lend
this intervention without realizing it. When? For example, when we
download a free program. We pay for the downloaded software with the
invasion of our privacy. In milder cases, spyware steals information
about our behavior when we use the Internet, or about the time we spend
browsing, such as connection times and the websites we visit.
The collected data are sent to a remote computer, which sends
advertising according to the sites we have visited. Do not be
surprised. In a sense, "we asked for it." If a lot of spyware
accumulates, our browsing speed is reduced, a lot of memory on our
computer is occupied and, at worst, we risk the entire system becoming
unstable. Beware of software offered for free, even though many open
source programs have nothing to do with spyware.
We install a specific program called anti-spyware, which is like an
antivirus and was created with the aim of removing spyware. In
addition, we constantly update our browsers, be it Explorer, Firefox,
Opera or Safari.
Safety First
We distinguish between hackers and crackers. The first are show-offs
("fanfaronades") but do us no damage, while the latter are responsible
for criminal acts committed against individuals or companies. Beware of
free dialers or connection programs - always be wary - that can divert
us to pay-per-call service numbers. Finally, beware of viruses. The
transmission systems are numerous and often go through e-mail: worms
are small programs; Trojans (Trojan horses) open the virtual doors of
the computer; macro-viruses are contained in Word or Excel documents
and take advantage of the "macro" features of these two popular
programs. We have to use a good antivirus and update it constantly.
For communities and schools, Norton offers special rates. Use good
firewalls that control the comings and goings between us and the
Internet. These "walls of fire", which can be software or hardware, are
like sentinels at the gates and report any anomalies to us. We should
not trust software alone, but opt for a hardware firewall.
The real, great security filter, beyond the knowledge of the few tricks
presented here, is our responsibility in the sites we frequent and in
our use of the Internet in general. An even greater filter is the clear
goal of "creating new areas of knowledge and dialogue, suggesting and
creating itineraries of communion" (Message for the 44th World Day for
Social Communication).
Caterina Cangià fma
Facoltà di Scienze della Formazione
Università LUMSA - Roma
sisternet@thesisternet.it