UK Home Academics Athletics UK's Chandler Medical Center Research Site Index Search UK

 

College of Agriculture Cooperative Extension Service Signature LogoExtension Header Image
 Family & Consumer Sciences College of Ag Home Site Index Search People Help

HOME

Kentucky High School Financial Planning Home Page

Back to E-Mail Updates page

HSFPP Weekly Update # 124—New Twist to “Phishing” Scam

Message from Bob & Chris : Update # 112, from January, dealt with “phishing,” which is the act of sending an e-mail that appears to be from a legitimate financial institution, asking for your private financial records such as bank account numbers, credit card numbers, and your Social Security number; with this information, “phishers” steal your money and your identity. These e-mails are sent to many people at once, and the perpetrators of this scam can expect a percentage of those who receive the message to respond and send the information.

This week, we deal with a new twist to the phishing scam, “pharming.” In this scam, phishers, without using e-mail, try to get consumers to go to fraudulent Web sites instead of a legitimate financial institution’s Web site. Pharmers might even try to attack consumers’ computers this way. Always be careful when doing financial transactions online. Make sure that you are on the real Web site and not a fraud. Companies as well consumers need better firewall protection if they use the Internet for financial transactions. Firewalls block unauthorized outside access to your computer.

What’s New:We soon will add a new index of all the weekly updates on our Web site. This will enable you to look for updates based upon subject matter. For example, this week’s update will go under the category of “Identity Fraud & Theft.” We welcome any suggestions for changes or additions to the index. This should make it easy for 4-H agents, as well as teachers in various subject areas, to find information about a specific topic in our archive of weekly updates. Please keep your feedback coming! We do listen. Also, be sure to check the What’s New section on the Kentucky HSFPP home page for all the latest changes.

The next change we will make based on your feedback is to change the KERA link on our home page to “Kentucky Core Concepts,” and to show how each section or subsection of the HSFPP meets those concepts.   

Related Updates:

Update #118 - Avenues for Identity Theft - 21 February 2005
Update #112 - Online Security and Phishing - 10 January 2005
Update #98 - Protecting Your Social Security Number - 20 September 2004
Update #87 - Stopping Spam - 15 March 2004

Website Pick of the Week:

http://www.antiphishing.org/

The Anti-Phishing Working Group’s Web site is an excellent source of information about recent phishing attacks. Additional resources and other related links also can be found on their site.

Activity for Educators:Have students read this week’s article In the New$... and the Anti-Phishing Working Group’s Web site (below). Then use the discussion questions provided at the end of this update.

Also, you might want to print out the Extension publication, “Making Your Ride on the Internet Safer” (FAM-RHF.110A), to use as a handout for your students to take home to their parents to show what they’re learning in class. 4-H agents might want to do the same with 4-H youth to show parents what teens are learning in the program (and to educate the parents). Or, if your duplicating budget is too tight, you could simply provide them with the following Web site where the publication can be found: http://www.ca.uky.edu/fcs/FACTSHTS/FAM-RHF.110a.pdf.

In the New$... Phishers Moving Away From E-mail “Lures”

“Phishing attacks were up slightly in February, the Anti-Phishing Working Group reported last week, but the trend toward even sneakier ways of scamming identities is growing quickly.

“According to the latest report from the Anti-Phishing Working Group, a coalition of technology companies and law enforcement agencies devoted to eliminating ID theft, the number of phishing e-mail campaigns during February climbed by 2 percent over January, even though the former was three days shorter.

“More important, however, is that phishing without an accompanying e-mail ‘lure’ is becoming more common. So called ‘pharming’ attacks don't rely on legitimate-looking e-mails to lure users to fake Web sites, but automate that process by planting malicious code on vulnerable systems, then modifying the PC's HOSTS file to point to fraudulent sites rather than to the real deal.

“‘There's a continuing trend in the sophistication of the phishers,’ said Dan Hubbard, a lead investigator with Websense's security lab. (The San Diego-based Websense is a member of the APWG, and contributes analysis to the group's monthly reports.) ‘They're constantly getting trickier. Unfortunately, when they start pharming and modifying HOSTS files, a lot of the usual kind of advice about avoiding phishing goes right out the window.’

“With malicious code playing an ever-more-important part in phishing attacks, Hubbard said, users have to step up their defenses. ‘Don't open unexpected file attachments, of course," he said, "and change passwords often. You might also look into some other solution rather than static passwords."

“Those schemes, including two-factor authorization, sometimes hinge on hardware, like USB-based password generators. “Phishers are also expanding the list of their targets, said Hubbard, both by targeting ever-smaller financial institutions and by branching out into previously ‘safe’ kind of sites.”

Source: Excerpted from “Phishers Moving Away from E-mail ‘Lures’,” by Gregg Keizer. http://www.messagingpipeline.com/showArticle.jhtml?articleId=159907296

Activity for Students: Read this week’s article In the New$... and the article at http://www.antiphishing.org/consumer_recs.html. There will be a class discussion about both.

Discussion Questions:

  1. How might your Internet connection make you more vulnerable to phishing scams? (dial-up vs. broadband)
  2. If you have a broadband connection that has you always connected to the Internet, whether you are using the Internet at that moment or not, what can you do to prevent phishers from accessing your computer?
  3. What is a firewall?
  4. Do you think it is a good idea to keep financial information on the hard drive of your computer? Why or why not?
  5. What can you do to make sure you are on a financial institution’s legitimate Web site (before doing business on that Web site)?

 

Kentucky High School Financial Planning Program

http://www.ca.uky.edu/fcs/hsfp

The purpose of this Web site is to assist county extension agents, credit union educators, and high school teachers in improving the economic well-being of our constituency, beginning with today’s students; and also, to assist teachers in Kentucky in meeting KERA’s goal that all students become technologically literate. Weekly Updates are provided by the University of Kentucky Cooperative Extension Service, and are free to all educators.

Questions/Comments · Copyright © An Equal Opportunity University,
University of Kentucky, College of Agriculture
Last Updated:


This is a Java Script that displays the date the page was last modified. It is inconsequential to the navigation and content of this site.