Cut #6: How to catch phish

tranSCript
Cut #6: How to catch phish
Jennifer Clemente and George Faulkner, with Rocky Oliver
1 September 2006
FAULKNER: Welcome to ShortCuts, a weekly online broadcast brought to
you by IBM Workplace. Together with the industry experts
we’re here to help you get the most of everyday Internet and
e‑mail tools to make your life online more productive and
more fun. If you’ve got a question, we’ll find the answer.
Just write us at cuts@us.ibm.com. I’m George Faulkner.
CLEMENTE: And I’m Jennifer Clemente.
This week’s question came to us via e‑mail. It reads, how do I
tell if an e‑mail is phish?
FAULKNER: On the phone with us today from Flowery Branch, Georgia, is
Rocky Oliver, who works for Lotus software inside IBM. He
also runs a blog called Lotus Geek that covers all things Lotus.
Thanks for joining us today, Rocky.
OLIVER: You bet.
CLEMENTE: How do you figure out if a pretty legitimate looking piece of
mail is actually attempting to get your personal information?
OLIVER: Well, there’s a few steps that I go through when I’m
evaluating it. First thing is, take a look at the domain for
the URL. Instead of putting in the whole URL, just grab that
domain and enter that into your browser and see what it
comes back at.
A lot of these sites are simply front ends for spammers or
things like that, so you can kind of get an idea that they’re
trying to gather personal information from people for things
like identity theft or phishing, as you’ve mentioned earlier.
Another thing you might look at is the construction of the
e‑mail itself. Is there any misspellings? Is it formatted
strangely? Do the graphics look clean? These are all pretty
tell‑tale signs.
ShortCuts • 1 Sept 2006

The next thing you want to do is look for identifying phrases
or things in the e‑mail, like if they happen to put an e‑mail
address or a phone number or a name of a company in there,
if you Google those things, you are almost certainly going to
find out tons of information about them.
CLEMENTE: Now, Rocky, is there a place that you can report...any place
that’s collecting all of these hoaxes?
OLIVER: There are a couple of places. Snopes.com, which is great for
hoaxes, does some collection of those. There’s another site as
well that if it’s virus‑driven, or like, if you get an attachment
and you just really want to click on that attachment but, um,
but you’re scared to, which is good, then you can go to a site
called the Symantec Antivirus Research Center, which is sarc.
com.
And they, it’s put on by Symantec which obviously writes
Norton Antivirus, you can go there and look up viruses and
Trojans and things like that, like on file names or email
content and things like that. And when you enter it, it will
give you back information about that particular virus or hoax.
And it will tell you what the payload is, what’s the severity,
what’s the damage, and almost always they even have a free
tool that you can use to clean up the virus or Trojan that you
got on your system. If you couldn’t resist the temptation and
you opened the file anyway, they usually have a little fix that
they’ll give you for free.
CLEMENTE: So, George, do you know anybody who’s ever been taken by
one of these Internet scams?
FAULKNER: Well, in regard to phishing, no. You ever gotten sucked into
any of these scams yourself, or...?
CLEMENTE: Well, thank God I haven’t, but I do have members of my
family who often send me virus warnings that are not valid or
they’ll send me.... I even get chain mail. Remember chain
mail?
FAULKNER: Sure.
CLEMENTE: Sure, the St...the Mother Teresa, or the St. Teresa’s prayer,
I still get that. There’s many things that are still floating
around out there, and it really...it really makes me realize just
how vulnerable people still are.
We have some time here at the end for one more item from
our mailbag. A listener mailed us asking, why is all the print
ShortCuts • 1 Sept 2006

IBM Corporation
1133 Westchester Ave.
White Plains, New York 10604
United States
on IBM’s Web site so small I can’t see it? Well, we mailed the
ibm.com Webmaster who wrote us back saying that all font
sizes are displayed in the browser relative to a base size which
users can increase and decrease from the browser menu bar.
In Internet Explore, for instance, go to view, text size, and
select the base size you need. Hope that helps.
FAULKNER: For a transcript of today’s show, visit us on the Web at
ibm.com/shortcuts. There you’ll find more information on
this week’s topic.
CLEMENTE: And again, if you’ve got a question for our experts, write us
at cuts@us.ibm.com. From all of us at ShortCuts, thanks for
listening.
[END OF SEGMENT]
ShortCuts • 1 Sept 2006