Test your phishing detective skills

Security software vendor McAfee has created a ten-question quiz to see how well you can spot a phony website. If you’ve been reading my tips here, I expect you to do very well. Let’s find out.

The quiz has some excellent examples of common phishing scams, and it’s a very good primer on how the bad guys operate.

Both Internet Explorer 7 and Firefox 2 have built-in phishing filters. These provide an additional level of protection by checking any site you visit against a list of known malicious web pages.

Depending on which browser you use, make sure the phishing filter is enabled:

Internet Explorer 7: IE 7 asks you during installation if you would like to enable the phishing filter. To double-check, click the Tools menu, then Internet Options, and then the Security tab. With the Internet zone selected, click the “Custom Level” button and scroll down through the settings until you find “Use Phishing Filter.” Make sure it’s set to “Enable.”

Firefox 2: Click the Tools menu, then Options. Click once on “Security” on the top menu bar to highlight it. Then make sure the “Tell me if the site I’m visiting is a suspected forgery” option is checked. Under that, select “Check using a downloaded list of suspected sites.”

Phishing filters are, of course, not a substitute for paying attention, but they can certainly help. Use them to back up your newly heightened awareness after taking the quiz.

Oh, in case you’re wondering, I got a perfect score on the quiz. Why else would you take my advice?

UPDATE 9/16/07: McAfee has taken down the phishing quiz site referenced above. However, Internet security vendor SonicWALL has an even tougher quiz on their site. Here’s a link.

PC industry “disappointed” with Vista

PC World reports that PC manufacturer Acer has acknowledged widespread industry disappointment with Microsoft’s new Vista operating system.

Gianfranco Lanci, president of the fourth-largest PC manufacturer worldwide, points out that Vista has serious stability and compatibility issues, and that customers, particularly business customers, are still demanding Windows XP on new hardware.

The article also notes that despite Microsoft’s claims of strong Vista sales, Windows XP sales are predicted to be 50 percent higher this year than Microsoft’s original estimates, potentially totaling 22 percent to Vista’s 78 percent.

In other words, Vista has taken off more slowly than any new Microsoft OS release since Windows achieved desktop dominance in the early 1990s. Furthermore, Vista is not driving new PC sales as hoped. People are settling for Vista because it’s all they can find.

The release of the first service pack for Vista has still not been announced. Service Pack 1 for Windows XP was a significant milestone, making the product ready for widespread deployment. Given the major hurdles Vista still must overcome in terms of hardware and software compatibility, Vista SP1 will be expected to work miracles. It had better.

The bad guys are getting smarter

Continuing on the theme of “More Ways Your Poor Computer Is Under Attack,” we look today at the phenomenon of phishing, a scheme which gets hold of your personal information in a very simple way – by tricking you into willingly providing it.

You already know that you should avoid following web links in e-mail messages. A spoofed message claiming to be from PayPal, for example, can direct you to a fake website that looks just like PayPal, which then captures the password and credit card information you type in. Fraudulent purchases, or even identity theft, are likely to follow.

Fortunately for us, most of the hackers behind these tricks know their way around a computer, but not a dictionary. Lousy spelling and grammar are a good tip-off that you’re on a bogus site.

That’s why I was surprised to learn of a new Trojan horse called Kardphisher, which mimics the activation procedure for Windows XP. If the Trojan gets onto your computer, it waits until you reboot and then informs you that you have to “re-activate” your copy of Windows.


On the next screen, Kardphisher gets down to business.

For the record, Microsoft does not request credit card numbers during activation, and it certainly wouldn’t ask for your ATM PIN.

Nonetheless, Kardphisher is a well-designed hack. I saw no grammar or spelling errors, just a clumsy use of punctuation.

The Trojan is not widespread, and Symantec rates it a very low risk. Any updated anti-virus program will be able to deal with it, so odds are you will never see this on your computer.

However, it’s worth knowing about, because anti-virus programs and firewalls are no substitute for vigilance. We all need to pay close attention to what we are doing on the computer, because the bad guys have learned how to spell.