Watch out now

I arrived home from work early today because my eye was bothering me. I don’t know what is wrong with it but it stings every now and then. I couldn’t stand it anymore so I left work early. I arrived home, opened up my email client and saw that I had two emails. But they’re not your everyday emails.

The first email was from the Bank of America informing me that they had recently reviewed my account and suspended it because it may have been accessed by a third party. If I wanted to restore my account, I had to confirm my identity by signing into my account. I don’t have an account with the Bank of America so I ignored it, thinking it was nothing but spam.

I opened up the second email and it was the same, only this time it was from Royal Bank. I currently have an account with RBC so I read more of this email. It stated the same thing as the first email so I’m thinking that there’s a hacker going around trying to get into other people’s accounts. But this email asked me to confirm my identity as well.

[Image: rbc01.jpg]

It provided a link to the RBC webpage, so I clicked on it to see where it would take me. Below are a couple of thumbnails. One of them is the page that the email linked to. The other is the actual RBC web page. Can you tell the difference?

If you guessed that the first one is the real one, you are wrong. The first page shows some warning about ‘phony’ emails so you may think that it’s real because they are warning you about security issues. The second one doesn’t show anything but a sign in form. For the average user, telling the difference between a ‘phishing’ website and a legitimate website is hard because both of the pages look very similar. Phishing, as it is known, is the act of tricking someone into giving out confidential information. It’s called ‘phishing’ because the hacker throws out bait and hopes that you bite. The hacking community likes to replace all their ‘f’ with ‘ph’ for some reason. I don’t know why exactly they do that but they do.

One way to detect if you are being fooled is by looking at the address bar. Most websites that contain confidential personal information have some sort of encryption protocol in place. Take a look at the two images below; you will see the difference immediately.

[Images: rbc04.jpg, rbc05.jpg]
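The address-bar check described above can also be written down as code. This is an added example, not part of the original post; it goes one step beyond the lock icon by checking the host name as well as the encryption scheme. The host names, the sample links and the `checkLink` helper are all constructed for illustration.

```javascript
// Added example: the address-bar check as code. All host names are constructed.
// EXPECTED_HOSTS is an assumption: the hosts you know your bank really uses.
const EXPECTED_HOSTS = ["www.bank.example", "online.bank.example"];

function checkLink(link, expectedHosts = EXPECTED_HOSTS) {
  let url;
  try {
    // WHATWG URL parser, the same parsing rules a browser applies
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  // The lock icon corresponds to the https: scheme
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS: " + url.protocol };
  }
  // Text before an "@" is login info, not the site; the host comes after it
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before host; real host is " + url.hostname };
  }
  // Exact match only: a host that merely starts with the bank's name fails
  if (!expectedHosts.includes(url.hostname)) {
    return { ok: false, reason: "unexpected host: " + url.hostname };
  }
  return { ok: true, reason: "HTTPS and expected host" };
}

// Constructed sample links, as they might appear in an email
const SAMPLES = [
  "https://www.bank.example/signin",
  "http://www.bank.example/signin",
  "https://www.bank.example.signin.test/login",
  "https://www.bank.example@203.0.113.7/login",
  "https://WWW.BANK.EXAMPLE/signin",
];

for (const s of SAMPLES) {
  const r = checkLink(s);
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```

Only the first and last samples pass: the parser lower-cases the host name, so a difference in letter case alone does not cause a rejection.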

The next time you receive an email asking you to confirm your identity, please take precautions. Phishing sites are becoming more and more sophisticated. The big browser companies are working on ways to fight it. If you’ve noticed, I’m using Firefox which shows that you’re on a secure website by displaying a lock in the address bar. Internet Explorer has this feature too but it is displayed at the bottom of the page. The newer version of IE is going to have the lock displayed on the address bar, but it is currently in its beta stage. So if you want better security, use Firefox for the time being until Microsoft gets a working version of IE out.

Sometimes, though, even the most technically advanced users are fooled by these sites. Why, you may ask. Well, it has something to do with the appearance. You wouldn’t know what a phishing site would look like because you rarely see it. To you, it would look like a regular web page.