Remote Password Disclosure


At the time of writing (Summer 2006) this is by far the most prevalent method of Internet fraud. Forget hackers, forget spyware, forget decryption. If Mr. Badguy wants to empty your bank account, all he has to do is email you and ask for your password.

Did I hear you laugh? Some people just give it to him!

The problem is that he doesn't write and say:

This is Mr. Badguy. Can I have the password for your bank account please.

He says something like this:

This is the security department at your bank. Several unsuccessful attempts have been made to log on to your account in the last 24 hours. We strongly advise that you change your password. Click the link below to update your account.

When you click the link, you arrive at what looks like your bank's password change screen. You then proceed to change your password by first entering the old password and then the new passw..... Too Late - Mr. Badguy now has your password (and your cash).

Put your mouse over the Mybank link above and see where it really goes.

NEVER NEVER NEVER click links in emails asking you to update your account. The fact that your email program says that the email came from your bank is irrelevant. That is easily forged. If you think that there might actually be a problem, go to your bank's site, log on and see, but DO NOT CLICK THE LINK IN THE EMAIL.