On day 3 of Cyber Security Awareness Month 2010 the topic is Recognizing phishing and online scams. Which is an interesting discussion. For example, would phishers still bother if no one clicked and freely entered their credit card and personal information? Would 419 scammers bother if no one responded to their messages? Since there is a profit motive behind the miscreants actions if there were a diminishing return, or the actual possibility or prosecution, would we continue to see so many of their emails and web sites? Philosophical questions aside, in oder to reduce the harm of scammer and phishers the people receiving the bait need to be able to recognize the messages as such and not respond or click.

Don't click or respond to the following:

• If it sounds too good to be true, it is.
• If the message does not appear authentic, it probably isn't.
• Do the content of the message appear in search engine results?
• If you hover your mouse over the link does your browser or security software silently scream at you?
• Seeing silly typos, formatting, or grammatical errors a professional would not make.
• If the message asks you to send your information to them, rather than the other way around.
• If you don't have an account with the company supposedly sending the email!

Here are some useful links:

• http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx
• http://www.us-cert.gov/reading_room/emailscams_0905.pdf
• http://www.gongol.com/howto/recognizephishing/
• http://www.surfnetkids.com/safety/how_to_recognize_phishing-21760.htm

This is just a start, please send in your suggestions on ways to avoid falling for scammers by recognizing the signs.

Update: Leigh sent in the following quiz to assist in detecting phishing/scams:

http://www.ballarat.edu.au/aasp/is/ict/security/security_challenge.shtml

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.