Wednesday, June 14, 2006

Your Federal Reserve Bank account has been accessed!

Phishing is an ever-growing problem. Even if you realize the website to which you are directed is not the one from your bank, you are still vulnerable to a number of things.

  • The most common vulnerability, of course, is entering your username and password. The phisher now has that, and can access your account(s) at will.
  • You can, and often do, get cookies containing malicious code from these phishing websites. Since most sites require you to have cookies enabled to use the site, most people accept most cookies. Most are harmless marketing tools. Those few that aren't, however, can contain software called "key loggers," that logs all keystrokes you make and then forwards them to the phisher. This means every time you type in your username and password, the phisher gets it. For every account you access. Personally, I delete my cookies once a day, and more often if I've gone to a web store to buy something. If I get popups, I very definitely delete my cookies. Most are harmless, but I can't tell which are which. And I don't want to take the time to learn.
  • And since Microsoft makes its software so very helpful, Internet Explorer will easily accept what is called a "browser helper object," to help make your browsing experience friendly and helpful. Your Yahoo or Google browser bar is a browser helper object, one you chose to add. And Yahoo and Google want to continue to have your business, so they aren't going to do anything to ruin their reputations. Going to the wrong website and clicking on the wrong thing will get you malicious, possibly invisible BHOs. Your virus software often does not catch these. Try searching for "spyware removal" software, which can get rid of most of these. I spent two weeks and several phone calls working with spyware removal companies, to find one such. The hackers had changed its name and changed where it was saved on the system. I found it, finally, and reported it.
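A renamed or relocated BHO still has to be registered under Internet Explorer's Browser Helper Objects registry key to be loaded, so listing that key shows what is installed and where each DLL actually lives. The PowerShell below is an added example, not part of the original post; it only reads the registry and checks each DLL's signature, and it assumes a Windows machine with machine-wide (HKLM) registrations.

```powershell
# Added example: inventory the Browser Helper Objects registered for Internet Explorer.
# Each BHO is a subkey named after a COM class ID (CLSID); the CLSID's InprocServer32
# key holds the path of the DLL that gets loaded, whatever the file has been renamed to.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' }
    # 32-bit view on 64-bit Windows
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$report = foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Bho)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $v.Bho) {
        $clsid    = $key.PSChildName
        $classKey = Join-Path $v.Clsid $clsid

        # Friendly name and DLL path are the default values of the class key
        # and of its InprocServer32 subkey.
        $name = (Get-ItemProperty -LiteralPath $classKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -LiteralPath "$classKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $dll = $dll.Trim('"') }

        # An unsigned DLL, or one whose file is missing, deserves a closer look.
        $signature = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -LiteralPath $dll).Status
        } else {
            'file not found'
        }

        [pscustomobject]@{
            CLSID     = $clsid
            Name      = $name
            Dll       = $dll
            Signature = $signature
        }
    }
}

$report | Sort-Object Dll | Format-Table -AutoSize -Wrap
```

Entries you recognize, such as a toolbar you installed yourself, should show a named publisher's DLL with a `Valid` signature; an entry with no name, an odd path, or a `NotSigned` status is the one to investigate with your spyware removal tool.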

I have a list of email addresses from various companies I forward phishing email to. ("Your Citi account has been violated!" yeah right.) The two you will find most useful are:

reportphishing@antiphishing.org

spam@uce.gov

Just so you know, the Federal Reserve Bank doesn't have individual accounts.