Security's Everyman

Security's Everyman

Tuesday, March 27, 2007

ID Theft rates increase

Dark Reading reports that identity theft and phishing are on the rise at an alarming rate. The bad guys are getting smarter at making emails look legitimate and at making the links look real. More and more the actual link is more realistic instead of being masked in the email. People are getting smarter about checking the link before clicking on them, but if the link looks real in both the email and the status bar it is more likely to be clicked on.

This is why we have to keep pushing forward with user awareness training. People have to learn that clicking on a link in an email is a VERY bad thing. Unless you know that it's a good link and was sent by a trustworthy source DON'T click on it. This is the word that has to be gotten out to friends and family. Personally I don't understand how someone could actually buy something that comes to them from someone they don't know, you are buying it from some place that you don't know where is, you don't know the trustworthiness of the seller and mostly from someone who can't spell, use proper English, or puts "Hey Dude!" in the subject line.

Unfortunately I seem to be in the minority here. I'm a big believer in the adage "With knowledge comes responsibility". Those of us who know the dangers have to pass that knowledge along to others. We can't have the attitude that if they are dumb enough to click on the link or give out their credit card info then they deserve what they get. It wouldn't be right if the only one affected was the person who clicked on the link. What makes it worse is that often they get malware on their PC that makes it a danger to the rest of us.

2 comments:

kurt wismer said...

so the question is - if you're supposed to avoid links from untrustworthy sources, how do you which sources are trustworthy and which ones aren't?

if i have an email that says it's from paypal, is it trustworthy?

Andy, ITGuy said...

That's where our job to teach others what a "trustworthy" email looks like comes in. PayPal and most other financial orgs and such have a policy that says that they won't send you a link asking for personal info. The problem is that they do send emails with links to other things. So our job becomes a little more difficult.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.