
Thwarting Phishers in Online Banking


03/20/2008

Phishing protection is critical to maintaining a safe online experience. Lotus Notes email users, like all email users, get a lot of Phishing emails that try to steal from them. Hopefully, these are stopped by your spam filter. Phishing is a special kind of spam. Spam is mostly an attempt to make a sale to you. Phishing spam, however, is much more serious, as the senders want to steal from you. They are crooks.

One common Phishing expedition is to send an email that claims money was withdrawn from your account. The email then sends you to a bogus website where you enter your credentials. The Phishers then have your login and password information and immediately start withdrawing money from your account. Their "copy" sites look identical to the real site, with real links to actual pages, so they are very convincing.

Bank of America does a nice job letting you know you are really at their site with their "SiteKey" offering. It is designed to make your login to their website unique. How does it work? I select a SiteKey image (in my case a biking helmet). When I visit their site, they recognize my computer from a cookie they have stored. They then show me the SiteKey that they have stored. The Phishers cannot know this information, so they can only hope to pretend to be a bank that does not use this feature, or one like it.

So, if a Phishing email is sent from a bogus site claiming to be Bank of America, and the login page does not show my unique SiteKey, I immediately know I am at a bogus site and would not enter my passcode. If I change computers, I need to answer my three challenge questions to establish the new computer as a valid computer.

It is a simple yet powerful idea to prevent Phishing.
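
The login flow described above, modeled as an added example (not Bank of America's code and not part of the original post): a hypothetical server shows the stored image only to a computer presenting a valid device cookie, and otherwise falls back to the challenge questions before registering the new computer. The function names, the HMAC-signed cookie format and the sample account are all assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed server-side secret that signs device cookies

def _h(answer):
    return hashlib.sha256(answer.strip().lower().encode()).hexdigest()

# Constructed sample account: chosen image, three hashed challenge answers, known devices.
USERS = {"alice": {
    "image": "biking_helmet.png",
    "answers": [_h("rex"), _h("springfield"), _h("blue")],
    "devices": set(),
}}

def _sign(username, device_id):
    msg = f"{username}:{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_device_cookie(username):
    device_id = secrets.token_hex(16)
    USERS[username]["devices"].add(device_id)
    return f"{device_id}.{_sign(username, device_id)}"

def _device_recognized(username, cookie):
    if not cookie or "." not in cookie:
        return False
    device_id, tag = cookie.split(".", 1)
    return (hmac.compare_digest(tag.encode(), _sign(username, device_id).encode())
            and device_id in USERS[username]["devices"])

def begin_login(username, cookie=None):
    """Step 1: decide what the page shows before the passcode is requested."""
    user = USERS.get(username)
    if user is not None and _device_recognized(username, cookie):
        return {"step": "show_image", "image": user["image"]}
    return {"step": "challenge"}  # unknown user and unknown computer look the same

def answer_challenge(username, answers):
    """Step 2 on a new computer: correct answers register it and return a cookie."""
    user = USERS.get(username)
    if user is None or len(answers) != len(user["answers"]):
        return None
    ok = all([hmac.compare_digest(_h(a), s) for a, s in zip(answers, user["answers"])])
    return issue_device_cookie(username) if ok else None
```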






( domino-web.maysoft.com )