With news that there are now sites out there offering DIY phishing kits (see ZDNet's article), are we going to start seeing a massive rise in "have a go" cyber-criminals out to make a buck?

The majority of those who would require a tool to achieve their "dream" of making a quick illegal buck should be sloppy enough to leave traceable fingerprints. However, will we start to see an increase in those more capable of masking their tracks trying to "hide in the pack"?

So what to do? Well, as with any interaction you make over the Internet, we have to use our common sense. When receiving an e-mail from a bank asking us to update our contact details, think: would a company that supposedly values my custom really adopt such an impersonal way to conduct business with us? You most probably, as would I, think yes, as it's the most cost-effective method. But institutions such as banks are now wising up to the issue at hand; I have to read and click through a phishing warning every time I now log onto my interactive bank account.

So how can we help fight this latest threat to our information, and more ultimately our hard earned cash? Here are a few pointers so that we can all help to battle this latest attempt to defraud the internet community:

  • Read the advice given by the Anti-Phishing Working Group, and report any suspected e-mails or communications to your local law enforcement agency
  • Don't trust an e-mail just because it looks official; graphics can easily be harvested from web sites and used for this purpose. The majority of institutions and companies that hold your information should only communicate with you by digitally signed e-mail or via other mediums such as post or the telephone
  • Make sure you install the very latest patches on your machine
    • Products such as IE now contain updates that will warn if the link you are clicking on isn't what it appears to be
  • Make sure the padlock is showing in your Internet Browser when giving out your personal details
    • This is not a guarantee; you have to use your common sense
  • Report all suspicious e-mails to the institution or company that it claims to be from. Do not click and hope to find out!
  • Look at installing a 3rd party application to block access to known sites. The APWG recommend EarthLink's ScamBlocker, but I haven't used this so can't vouch for its reliability or compatibility with your tools
  • Keep an eye on your statements. Are there any online transactions, or those put through as "Customer not present", that you are not aware of?
  • And unfortunate as it is, question everything. Is this e-mail valid? Am I talking to an authorised person when using a telephone help line? Don't trust the CSA just because they say they are who you want them to be. They ask you to validate yourself; surely you have the right to get them to do the same?

Remember, keep safe out there; it's your information and your money that they are trying to steal. If you are in the slightest bit unsure about anything requesting your personal information, delete the e-mail / close the browser. Better safe than sorry (as my Dad still tries to instill in me to this day).