An email from a colleague of mine this week prompted this article. She related a story where she received an email from a company with an invoice for items charged to her credit card. Apart from the fact that her credit card might be charged for the sum of money mentioned, she was even more concerned that the email came just hours after she had finished browsing a site that sold items similar to those she was invoiced for in the email.
The mail came from an address related to the items mentioned and the site she had browsed earlier. It invited her to click on a link to see the details of the transaction and another link to give feedback on her shopping experience.
The “phishing” email looked very legitimate and did not carry any of the signs of a poor phishing email. The salutation was correct in that my colleague was addressed by name and not by some generic term. There was no poor spelling or grammar. The math was correct. The layout of the invoice was spot on and it gave an estimated delivery date. It carried a line about a return policy and an email address to contact customer service. This was a very sophisticated phishing attempt, and a person who is not alert can easily fall prey to the email and respond to it, giving the senders a way into their life.
What aroused her attention was that the size of the items was incorrect and did not meet her specifications. She did not click on any of the links and did not respond to the email but sent it to me first for investigation. She was also aware that she had not made any purchases of items of that type that morning or in the very recent past.
This mail indicated that the senders had a way of monitoring her browsing habits and knew what sites she visited, which allowed them to send her this type of message. When browsing we should use the private browsing option of our web browser, which is supposed to allow us to browse sites without storing information about the sites we visited in the web browser cache and cookies. This prevents our browsing habits from being tracked by the creators of the various sites we visit.
Tracking cookies are small bits of code that are sent from the websites you visit and stored in your web browser. When next you visit that particular site the information about your last visit is sent to the site. There are cookies that also store information like credit card numbers and other personal information you may have entered into an online form.
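To see what your own browser is holding, the following added example (not part of the original article) audits a cookie store for cookies that persist across sessions and for values that look like payment card numbers. It assumes the cookies have been exported in the Netscape `cookies.txt` format; the sample jar, domains and values are constructed for illustration.

```python
import re
import time

# Constructed sample, Netscape cookies.txt: domain, subdomains, path, secure, expiry, name, value
SAMPLE_JAR = "\n".join([
    "# Netscape HTTP Cookie File",
    ".shop.example\tTRUE\t/\tTRUE\t0\tsession_id\tab12cd34",
    ".tracker.example\tTRUE\t/\tFALSE\t1893456000\tuid\tu-998877",
    "shop.example\tFALSE\t/checkout\tFALSE\t1893456000\tsaved_card\t4111111111111111",
])

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def audit_cookies(jar_text, now=None):
    """Return one finding per cookie: persistence, lifetime, transport flag, card-like value."""
    now = time.time() if now is None else now
    findings = []
    for line in jar_text.splitlines():
        if line.startswith("#HttpOnly_"):  # prefix some exporters use for HttpOnly cookies
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # skip malformed rows rather than guessing
        domain, _sub, _path, secure, expiry, name, value = fields
        expiry = int(expiry)
        candidates = re.findall(r"\d{13,19}", value)
        findings.append({
            "domain": domain.lstrip("."),
            "name": name,
            "persistent": expiry > now,  # expiry 0 marks a session cookie
            "days_left": max(0, int((expiry - now) // 86400)),
            "secure_only": secure == "TRUE",
            "card_like_value": any(luhn_ok(c) for c in candidates),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_JAR):
        print(finding)
```

Any row reported with `persistent` true survives closing the browser, and any row with `card_like_value` true is worth deleting at once.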
I suggest that you also clear the browser cache; instructions for a number of popular browsers are available at http://java.com/en/download/help/webchache.xml. The web cache temporarily stores copies of web pages, documents and images that pass through it. This is intended to make page loading quicker if you need to revisit the same pages or documents. The web cache and cookies can be rich sources of information for a person once they have access to your machine.
You must be aware that if we use these options, the convenience of having pages load quickly will be affected and we will have to wait a few seconds longer for a page to load. For some this might be unacceptable, but we have to balance safety with convenience and be aware of the possible consequences.
When a person is able to gain access to the information stored in the cache and cookies of our browsers, they can fashion a sophisticated email such as the one my colleague received. Just like my colleague, you need to stay alert when browsing and make note of the transactions you make, even while browsing privately and clearing the cache after such transactions.