There are a number of ways to decide if an email is genuine. Often, people sending phishing emails are not native English speakers, thus there may be basic spelling and grammatical errors. Or the fake website they built is not entirely convincing. Or the URL (i.e. the website address) in the address bar looks suspicious.

All of those problems can be fixed with enough attention to detail. They could hire a freelance proofreader to check for errors and build a more accurate fake website.

In my opinion, the best way to decide if an email is legitimate or not is to ask. Make direct contact with the organisation or person the email is supposedly from, and see if they know about it. Don’t reply to the original email, as the return address often leads back to the scammers. Instead, look up contact details in an online phonebook, or by going directly to an organization’s website.

Not only does this give you an authoritative answer, you are also alerting the organization that’s being targeted, giving them more time to react.

Which emails should you be cautious about? Any that request personal information (e.g. passwords, addresses) or money.

IT Security reporter Brian Kerbs notes that there is a website selling “identities” (that is, all the information required to pretend to be someone else) for around 25 US cents each.

That princely sum gets you:

first name, last name, middle name, email address, email password, physical address, phone number, date of birth, Social Security number, drivers license number, bank name, bank account number, bank routing number, the victim employer’s name, and the number of years that individual has been at his or her current job

Apparently 300-400 new identities are available for purchase each day.

Usually this sort of information is used to fraudulently obtain credit cards, loans, or overdrafts in the victims name, most of whom don’t find out until credit agencies contact them for repayment.

American identities have traditionally been targeted due to the ease of obtaining US Social Security Numbers (SSN), and because US financial institutions often treat the SSN as identifying information.

It is entirely possible that New Zealand has featured less prominently in the ID theft arena simply because of our smaller population and lower global prominence. Regardless, take basic steps to protect your personally identifying information. Don’t disclose birthdays, maiden names, IRD numbers, or bank account numbers (among other things) to people or organizations that don’t need that information.

Troy Hunt takes a look some iOS apps with regards to security and privacy. Here’s a hint: In the apps analyzed there isn’t much of either.

The information is collected by creating a proxy server to act as a middleman between the app and the server. This way the proxy server can see everything that passes back and forth, and save that data for analysis.

http://www.troyhunt.com/2011/10/secret-ios-business-what-you-dont-know.html

While reading the nakedsecurity blog I had to have a chuckle at a joke which was named funniest at Edinburgh Fringe. This from Stand-up comedian Nick Helm:

"I needed a password eight characters long so I picked Snow White and the Seven Dwarves."

It’s important to patch and update your applications as security problems are discovered and fixed. However, not all applications will update themselves automatically, and it’s hard to keep track of each and every one of them.

Secunia Personal Software Inspector (PSI) is an app that automatically detects and installs missing security updates on your Windows computer (or you can opt to manually scan and install if you prefer).

Secunia PSI is an excellent tool to have on your personal computer, and is a valuable extra layer of protection against insecure programs. There is even a quick instructional video on YouTube to get you started.