of activities is marred by new vigilance. Unfortunately, the Internet offers little escape. Every day, hackers determine new ways to relieve unwitting users of their passwords, credit card information, and other key credentials. Identity theft might seem hard to pull off to common folk like you and me, but the reality is that it usually begins with a single online password being guessed or stolen. Firefox is determined to give you the smoothest possible online experience, and security is no exception. Still, your security online ultimately rests in your hands. This chapter outlines the safeguards Firefox includes and offers recommendations for how you can protect yourself best. Phishing, Pharming, and Phriends Perhaps more frustrating than the online attacks themselves is that each one has its own technical alias. You don't have to know the lingo to stay safe, but it's helpful to speak the same language as the security organizations that are working on your behalf. Phishing: Don't get hooked! One of the most popular types of attacks today falls under a category known as phishing. Phishers bait unsuspecting users into divulging their passwords by creating perfect replicas (known as spoofs) of popular Web sites. One of the most common victims of phishing, for example, is eBay (see Figures 15-1 and 15-2). Every year, hundreds of phishers set up fake versions of the renowned auction site and notify customers that, for whatever reason, they need to click a link (that loads a fake replica of eBay) and enter their eBay login information. As soon as a customer does, his username and password are sent to the owner of the fake eBay, who can then use it on the real eBay. Figure 15-1: The real eBay. Can you tell the difference between this and the Web page shown in Figure 15-2? Figure 15-2: A recent phishing eBay replica. Notice the eBay logo, the login form, and even the Trust button have been faithfully replicated. Phishing scams are prevalent because they're successful, and they're successful because they're nearly impossible to detect. Some phishers are plain lazy and create error-ridden pages that no professional company would churn out, but sophisticated phishers can create look-alikes that mimic legitimate Web sites down to the pixel. The e-mails they send appear to come from respected addresses such as support@ebay.com or accounts@citibank.com. There are, however, a few precious aspects of legitimate Web sites that fakes can't duplicate. Phishers aren't expecting you to recognize these aspects, but these so-called untouchables are your window to safety, as I outline in the next few sections. REMEMBER Even the most experienced computer users fall prey to well-crafted phishing scams. Keep these tips in mind while surfing and be sure to review your bank statements regularly for unusual charges, just in case a hacker gets past your guard. Don't believe what you read Most identify thefts begin with a phishing scam, and most phishing scams begin with an e-mail or an instant message that appears to come from a reputable source (see Figure 15-3). These messages exist to convince you that you absolutely, positively must click a link and enter in your personal information immediately. Phishers have concocted a dizzying array of explanations: Your information was lost; you might have won a contest; you need to verify that your information is current; your account will be closed; and so on. Although the