bCentral Home
Your Online Business Center

Gone phishing

How not to get caught by scammers

By Matthew Stibbe

Phishing is the evil art of sending a fake email to someone in the hope of conning them into doing something they wouldn't otherwise do. For example, luring them to a fake bank website where they enter their account number and password or tricking them out of their eBay identity.

The problem is growing. The combination of fake emails and fake websites is a powerful for online criminals. The Anti-Phishing Working Group found 9,666 fake websites in March alone. Not only that but the criminals are getting better at it.

Spot the fake

Traditional advice, though useful, is less and less effective at spotting the fakes. In the past bogus emails have been easy to spot because of obvious mistakes:

Implausible-looking email addresses

Lots of spelling mistakes

Vague salutations ("Dear Customer", rather than your name)

The use of images rather than text

A false sense of urgency ("your account is going to be closed")

The same things applied to fake websites. Badly-formatted or amateurish sites were easy to spot. Not any longer.

Fakes are getting better

Recent research from Harvard and Berkeley Universities suggest that people often don't even spot these giveaways but, more worryingly, the phishers are getting better at fooling us. The 'best' phishing site fooled 90% of the people surveyed.

One company has published a website where you can test your own ability to spot fakes. I have to admit that I didn't get 100 per cent. See what I mean?

Protect yourself

I recommend a combination of caution, knowledge and technology to protect yourself from phishing:

Learn to spot spoof emails on eBay.

Read about fake websites on Get Safe Online.

Report phishing attacks to the AWPG and Bank Safe Online.

Look out for Internet Explorer 7 which will warn you if you go to a fake site that it recognises. You can play with the beta version now.

The new safe search tool, www.Scandoo.com, lets you use regular search engines like MSN Search but adds a warning about dodgy sites.

Commercial products, like CloudMark Desktop, can help block phishing emails and their Anti-fraud Toolbar can do the same thing for websites.

What next?

You can get free security training with Microsoft Small Business+ right now. (Free registration required).

Learn how to stop identity thieves targeting your business.

Matthew writes a new column every fortnight. Subscribe and get each edition direct to your inbox.


Sign into Microsoft Small Business+ for free web-based training, online chat help and software support.

sign in
Security information

Find a local Microsoft Small Business Specialist to help with your IT needs

Microsoft Small Business SpecialistMore info >

What do 'flexible working' practices mean to you?

What do 'flexible working' practices mean to you?






Free business newsletters - subscribe now

Our free newsletters are packed full of business advice and ideas - plus all the latest news

Security information

Get the latest bulletins and updates direct from Microsoft