How to Spot a Phish

Just in case you haven't been paying attention, I am going to give you a short course in how to avoid becoming a victim of a phisher. Phishing, as you should already know, is the fraudulent use of graphics from a legitimate website, in an attempt to get you to click on a link in an email that will take you to a phony site, and try to convince you that you are secure when you enter your user name and passwords. Pay attention. In every email that contains a highlighted link, move your mouse over the link, and look at the bottom of your browser to see where the link is REALLY sending you. Here is an example of what I got when I scrolled over an email today, ostensibly from PayPal: "http://www.arolosweyr.co.uk/.us/cgi-bin/paypal-security/webscr-cmd=login&run/secure/login/"
Now, what does this URL tell me? First, the website is in the U.K., a sure tipoff that it isn't really PayPal. Second, the use of a webscript (webscr) is a tipoff that the site is bogus. Finally, the "cgi.bin" is a dead giveaway. This is a site you DO NOT want to go to. In fact, some of the phishers are now spoofing the URL, and the site might not contain these keys. So, the only rule is, if you want to go to such a site, go to your browser, and manually type the web address of your provider. In addition, use FireFox 2, and load the Netcraft toolbar. If the site is risky, a little toolbar at the tip turns red. For some of you, this is all old hat. For the rest of you, though, be careful out there.