Cut #6: How to catch phish
Cut #6: How to catch phish
Cut #6: How to catch phish
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
tranSCript<br />
<strong>Cut</strong> <strong>#6</strong>: <strong>How</strong> <strong>to</strong> <strong>catch</strong> <strong>phish</strong><br />
Jennifer Clemente and George Faulkner, with Rocky Oliver<br />
1 September 2006<br />
FAULKNER: Welcome <strong>to</strong> Short<strong>Cut</strong>s, a weekly online broadcast brought <strong>to</strong><br />
you by IBM Workplace. Together with the industry experts<br />
we’re here <strong>to</strong> help you get the most of everyday Internet and<br />
e‑mail <strong>to</strong>ols <strong>to</strong> make your life online more productive and<br />
more fun. If you’ve got a question, we’ll find the answer.<br />
Just write us at cuts@us.ibm.com. I’m George Faulkner.<br />
CLEMENTE: And I’m Jennifer Clemente.<br />
This week’s question came <strong>to</strong> us via e‑mail. It reads, how do I<br />
tell if an e‑mail is <strong>phish</strong>?<br />
FAULKNER: On the phone with us <strong>to</strong>day from Flowery Branch, Georgia, is<br />
Rocky Oliver, who works for Lotus software inside IBM. He<br />
also runs a blog called Lotus Geek that covers all things Lotus.<br />
Thanks for joining us <strong>to</strong>day, Rocky.<br />
OLIVER: You bet.<br />
CLEMENTE: <strong>How</strong> do you figure out if a pretty legitimate looking piece of<br />
mail is actually attempting <strong>to</strong> get your personal information?<br />
OLIVER: Well, there’s a few steps that I go through when I’m<br />
evaluating it. First thing is, take a look at the domain for<br />
the URL. Instead of putting in the whole URL, just grab that<br />
domain and enter that in<strong>to</strong> your browser and see what it<br />
comes back at.<br />
A lot of these sites are simply front ends for spammers or<br />
things like that, so you can kind of get an idea that they’re<br />
trying <strong>to</strong> gather personal information from people for things<br />
like identity theft or <strong>phish</strong>ing, as you’ve mentioned earlier.<br />
Another thing you might look at is the construction of the<br />
e‑mail itself. Is there any misspellings? Is it formatted<br />
strangely? Do the graphics look clean? These are all pretty<br />
tell‑tale signs.<br />
Short<strong>Cut</strong>s • 1 Sept 2006
The next thing you want <strong>to</strong> do is look for identifying phrases<br />
or things in the e‑mail, like if they happen <strong>to</strong> put an e‑mail<br />
address or a phone number or a name of a company in there,<br />
if you Google those things, you are almost certainly going <strong>to</strong><br />
find out <strong>to</strong>ns of information about them.<br />
CLEMENTE: Now, Rocky, is there a place that you can report...any place<br />
that’s collecting all of these hoaxes?<br />
OLIVER: There are a couple of places. Snopes.com, which is great for<br />
hoaxes, does some collection of those. There’s another site as<br />
well that if it’s virus‑driven, or like, if you get an attachment<br />
and you just really want <strong>to</strong> click on that attachment but, um,<br />
but you’re scared <strong>to</strong>, which is good, then you can go <strong>to</strong> a site<br />
called the Symantec Antivirus Research Center, which is sarc.<br />
com.<br />
And they, it’s put on by Symantec which obviously writes<br />
Nor<strong>to</strong>n Antivirus, you can go there and look up viruses and<br />
Trojans and things like that, like on file names or email<br />
content and things like that. And when you enter it, it will<br />
give you back information about that particular virus or hoax.<br />
And it will tell you what the payload is, what’s the severity,<br />
what’s the damage, and almost always they even have a free<br />
<strong>to</strong>ol that you can use <strong>to</strong> clean up the virus or Trojan that you<br />
got on your system. If you couldn’t resist the temptation and<br />
you opened the file anyway, they usually have a little fix that<br />
they’ll give you for free.<br />
CLEMENTE: So, George, do you know anybody who’s ever been taken by<br />
one of these Internet scams?<br />
FAULKNER: Well, in regard <strong>to</strong> <strong>phish</strong>ing, no. You ever gotten sucked in<strong>to</strong><br />
any of these scams yourself, or...?<br />
CLEMENTE: Well, thank God I haven’t, but I do have members of my<br />
family who often send me virus warnings that are not valid or<br />
they’ll send me.... I even get chain mail. Remember chain<br />
mail?<br />
FAULKNER: Sure.<br />
CLEMENTE: Sure, the St...the Mother Teresa, or the St. Teresa’s prayer,<br />
I still get that. There’s many things that are still floating<br />
around out there, and it really...it really makes me realize just<br />
how vulnerable people still are.<br />
We have some time here at the end for one more item from<br />
our mailbag. A listener mailed us asking, why is all the print<br />
Short<strong>Cut</strong>s • 1 Sept 2006
IBM Corporation<br />
1133 Westchester Ave.<br />
White Plains, New York 10604<br />
United States<br />
on IBM’s Web site so small I can’t see it? Well, we mailed the<br />
ibm.com Webmaster who wrote us back saying that all font<br />
sizes are displayed in the browser relative <strong>to</strong> a base size which<br />
users can increase and decrease from the browser menu bar.<br />
In Internet Explore, for instance, go <strong>to</strong> view, text size, and<br />
select the base size you need. Hope that helps.<br />
FAULKNER: For a transcript of <strong>to</strong>day’s show, visit us on the Web at<br />
ibm.com/shortcuts. There you’ll find more information on<br />
this week’s <strong>to</strong>pic.<br />
CLEMENTE: And again, if you’ve got a question for our experts, write us<br />
at cuts@us.ibm.com. From all of us at Short<strong>Cut</strong>s, thanks for<br />
listening.<br />
[END OF SEGMENT]<br />
Short<strong>Cut</strong>s • 1 Sept 2006