Phishing is the practice of sending fake emails, claiming to be from a bank, credit card company, or some other such organization that has personal information.

These emails usually claim that your account has been limited, or information needs to be updated, or some other reason that you need to go log into the site and correct the problem.

The email then contains a link taking you to the site purportedly belonging to the organization, which is, in fact, a site owned by the scammer.  Your information, credit card details, bank username and password, or other private information is then given to the scammer, if you fill out the form and click the submit button.

To combat this activity, security industry players have created databases of known phishing sites, such as http://www.phishtank.com, which web browsers and security software can use to verify sites that you visit.  These databases have a method to submit new phishing sites, which I have done myself, which are then checked and verified by other users, and in turn used to warn visitors to the phishing site that it is not legitimate.

As with anything in the security industry, though, this is a game of oneupmanship.  To bypass the online databases of phishing sites, the phishers are now using a new tactic, which I've noticed a couple of times in the past month.  Undoubtedly, this method will grow in popularity, due to the difficulty of controlling it.

What the phishers are now doing, instead of emailing a link to a fake online login form, is to email the entire form itself.  The form shows as an attachment to an email, which, when clicked, opens in your web browser, just the same as a regular phishing site.  What is different, though, is instead of being loaded from http://www.phishers.com/FakePayPalLogin/, enabling your browser's phishing protection to warn you, it's loaded directly from your own computer.

A local file, loaded from your own computer, is assumed to be safe. In fact, a local file has to be assumed safe, or various components of Windows would break, due to the way Microsoft has chosen to integrate these components.

The form is a pure HTML document, like a web page, which simply directs the form data to a malicious server, set up to harvest data from victims.  In one case, I've seen it encoded using Javascript to be difficult to analyze.

At this point, I can't think of a way to handle this.  The only real way to find dangerous files on your own computer is through antivirus and antispyware software.  But since the form is simply an HTML web page, with no dangerous content, it's very difficult, if not impossible, for antivirus software to detect.

It will be interesting to see what the security industry comes up with to combat this, and I'll be working on the problem myself, also.  In the meantime, keep an eye out for such attachments supposedly coming from these types of sites.

The new website is now officially live.

Not all content is currently moved over, but this will be happening in the next day or two.

In the meantime, if you need something that was on the old site, you can access it at

http://oldsite.cbserviceslondon.com.

At CB Services, we can fix your computer!

Quality

CB Services is a low-cost, high quality technology service provider. We do this by eliminating the corporate overhead of most larger businesses. When you go to a big box store to get your computer repaired, you pay $80 per hour, of which only $10 goes to the technician. What kind of a technician can you get for $10 an hour?

The rest of your money goes to pay for flashy advertising, multiple layers of managers, and a corporate head office that may not even be in your country.

In the process, business decisions are not made based on what will make the company the most money, but what makes the best technical sense for the customer.  CB Services is run by technical expertise, not marketing.

Security

Consider that the number of personal records stolen in data breaches from a company or organization since January 2005 has reached over 150% of the population, and identity theft is at an all time high.

Specializing in data security, CB Services can help ensure that your critical and confidential business data will not be leaked out to identity thieves, or the competition.

In fact, in the entire history of CB Services, no company that's been following our advice for data security has ever had a data breach.  How many technology companies can say that?

Convenience

Remote Support: As long as your computer will turn on and connect to the Internet, problems such as spyware and viruses, driver installs, and basic training can be handled with our remote support service. You don't need to take your computer anywhere.

Choice

A leading Linux system builder in London, Ontario, we have technicians certified in Linux, Windows 95/98/Me, and Windows NT/2000/XP, as well as networking, and other high-end information technology requirements.