Phishing

Angling is a very relaxing hobby - for people and fish alike.People like the beautiful setting, the quiet relaxation, the fact that you need only one hand for the fishing rod - the other can be used for holding a cold beer.

Fish like the free food.

"Fishing" is different from "angling".

People like fishing too, but fish not so much: but imagine fishing from the other end?

Being the fish I mean: You're out for a leisurely late morning swim when you happen on a big juicy morsel of food....just...hanging there...in the water. Free, gratis and verniet. You quickly glance left and right to make sure nothing is about to eat you and then streeetch open your mouth to gulp that beautiful, delicate, tasty morsel before one of your morsige fish-buddies steal it right in front of your nose.

Just as the the delicious flavor slides down your gullet, a sharp sting in our throat interrupts your ecstasy and your mouth is jerked sharply open by a filament of plastic stronger than satan's nose hair! Your eyes bulge as you try with all your might to spit out the deceitful, disgusting, ugly morsel while swimming as hard as you can in the opposite direction from where the nosehair is pulling you.

Alas, it is too little too late.

You are relentlessly pulled to the suffocating surface where a big ugly human grabs you. Best case scenario: you are going to die. Be eaten.

There is poetry in that: dying to feed another creature. It is the way of nature.

A far, far worse fate may wait. Much worse than dying being eaten.

It is to be tagged and released:

They fasten a fat "look-I-am-stupid-and-too-ugly-to-eat" tag on your fin and throw you back in the water. How obscenely rude is that? I mean, they don't even want to kill you?! The horror of it! Back in the water you are teased and ridiculed by your morsige fish-buddies until you die! It is just to much to contemplate.

You become a bitter loner fish. Constantly hunting for fishermen so that they can catch you and eat you...but, of course, when they catch you and see you are tagged...they throw you back in.

Fishing is not fun if you are the fish. No sir. Not one bit.

On the internet there are fishermen too. And we, the average user, are the fish.

It is spelled "Phishing" instead of "Fishing", but it is basically the same thing: they offer you bait so that they can steal your money and your identity...but they don't kill you...they let you go after a while...sucked dry and much poorer...so that your morsige braai-buddies can tease you forever.

It works like this:

Hook, line, sinker an idjit makes

The term "Phishing" means to offer bait to unsuspecting "fish" (people) to reveal their banking or credit card details or access to their online identity. This information is then used (or sold) to steal money or to steal a person's identity - until there is nothing left to steal or to sell.

"Phishing" is different from hacking in the sense that the former rely on tricking a victim into revealing sensitive information vs the latter where security is defeated by "hacking" through security in the same way one would use a hack saw to defeat a lock.

In a Phishing scam you - the fish - is lured to take bait. You are offered the bait by email, by telephone, by text message or by a web site.

You will swallow the bait when your greed, fear or ignorance exceed your intelligence.
The most common way to phish is to send people to fake web sites - usually by sending them an email pretending to come from their bank, the taxman or from the deity of your choice. Faking a sender's email is about as simple as faking the sender of a physical letter. You simply write the sender address at the back of the letter. You can send email from adolf-hitler@deadpeople.com if you like. Falling out of a tree is more complicated.

Forging a link? Easy, peasy. You might think this link http://www.standardbank.co.za points to standard bank's web site, right? Hu-uh. Click the link and see where it goes.

A fake web site? This one took me about 15 minutes. http://www.standardbank.co.za. It's as fake as a R 9 coin (or a Zimbabwean election). The real one is here: http://www.standardbank.co.za - spot the difference? No? Then check the address bar - the one where you see http://www.....etc. See?

A phisher (ie bad guy) may send you an email like this:

From: the-guy-guy-in charge-of-your-money@standardbank.co.za
Subject: Login immediately or you are in deep dwang.

Dear Customer,

Your internet banking account is broken. You must login immediately (that means right now, china!) to type in your secret banking login details here: http://www.standardbank.co.za.

If you do not do this immediately, all money will be transffered from your account, your account will be locked and your hair will catch fire.

Thank you for cooperating.

Yours,
The big guy.

Three step knock out: An email you THINK originated from an entity you can trust, asking you to click a link pointing to a web site you THINK you can trust, which takes you to a page you THINK is the original.

So, how do you spot these and avoid being made a idjit of...or worse?

1. Do NOT follow links in an email. If it says go to www.standardbank.co.za, then type it into your browser yourself. Then CHECK the address bar to make sure you arrived at the correct web site.

2. Note that scammers mostly do not have access to detailed information to you, so instead of addressing you as Mr Louw, they will say something like "Dear Customer". Think! Your bank knows your name, right?

3. Check the language. Bad English and spelling errors? Think. Your bank has spelling checkers, right?

4. If it's mega urgent (your hair will catch fire), then it is almost definitely a scam. Don't panic. Your hair is ok. They don't want to give you time to THINK.

5. Before you login ANYWHERE make sure you are at the web site you think you are: check the address bar.

6. Trust me: you did not win a million. Even if you did, you'd THINK the people wanting to transfer a Million bucks into your bank account would at least know your name, right? Maybe even show up in person...seeing they are giving you a million bucks 'n all.

7. Be paranoid: Read any email wanting personal or confidential email over several times. Pause. Think.

8. Educate people around you about phishing. The only reason these scams continue are because ordinary users are not educated about the dangers.

9. Remember you can be phished by telephone, SMS or even face to face. Be paranoid. THINK.