J.S.S.Y's E-Commerce World

Embark on our e-commerce world and enjoy your learning process...

PHISHING: WHAT IS IT?

Phishing is a criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter personal and confidential information at a fake website which looks almost identical to the legitimate one. Legitimate organizations would never request this information from you via e-mail. Phishing is an example of a social engineering technique used to fool users, and it exploits the poor usability of current website security technologies.





EXAMPLES OF PHISHING & PREVENTION METHODS

Phishing e-mail


As shown above, in a phishing e-mail scam the attacker claims to be acting in the interest of safety and integrity for the online banking community. Of course, in order to do so, you are instructed to visit a fake website and enter critical financial information. The attacker will then use that information to disrupt the very safety and integrity they claim to protect. Here are some prevention tips on what to look for in a phishing e-mail.


What to look for in a phishing e-mail:

Generic greeting

Phishing e-mails are usually sent in large batches. In order to save time, Internet criminals use generic names like "Dear Citibank Customer" so they do not have to type out every recipient's name and send e-mails one by one. If you do not see your name, be suspicious.

Forged link

Even if a link has a name you recognize somewhere in it, it does not mean it links to the real organization. Hover the mouse over the link and check whether the address it points to matches what appears in the e-mail. If there is a discrepancy, do not click the link. Websites which are safe begin with "https", where the "s" stands for secured. If you do not see "https", please do not proceed.

Request of personal details

The point of sending phishing e-mails is to trick users into providing their personal information. If you receive an e-mail requesting your personal information, it is most probably a phishing attempt.

Sense of urgency

Internet criminals want you to provide your personal information now. They do this by making you think that something has happened that requires you to act fast. The faster they get your personal information, the faster they can move on to another victim.




Phishing website






A phishing website, sometimes called a 'spoofed site', tries to steal your account password or other confidential information by tricking you into believing that you are on a legitimate website. You can even land on a phishing site by mistyping the web address (URL). It is easy for phishers to create websites that look like the genuine article, complete with the logos and other graphics of a trusted website. Here are some tips that can help you distinguish a real website from a phishing site.



Prevention Tips:

Check the web address

  • Incorrect company name - The web address of a phishing site often looks correct but actually contains a common misspelling of the company's name, or an extra character or symbol before or after the company's name. Look out for tricks such as substituting 'I' with '1' in a web address.

  • Missing slash - To verify that you are on a legitimate site, for example the eBay site, make sure a forward slash ("/") appears after the ebay.com in the address bar.
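The checks described under "Forged link" and "Check the web address" can be automated over the HTML body of a suspicious e-mail. The following Python sketch is an added example, not part of the original post; the trusted-domain list, the finding names and the sample e-mail body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"citibank.com", "ebay.com"}  # assumption: sites the reader really uses
BRANDS = {d.split(".")[0] for d in TRUSTED}
# Digit-for-letter swaps; '1' may imitate 'l' or 'i', so both tables are tried.
SWAPS = [str.maketrans("013", "ole"), str.maketrans("013", "oie")]

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered(host):  # last two labels; simplification, wrong for e.g. .co.uk
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(href, text):
    host = (urlsplit(href).hostname or "").lower()
    dom, findings = registered(host), []
    if urlsplit(href).scheme != "https":
        findings.append("not-https")
    shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
    if shown and registered(shown.group()) != dom:
        findings.append("text-mismatch")  # link text names a different site
    if dom not in TRUSTED:
        if any(dom.split(".")[0].translate(t) in BRANDS for t in SWAPS):
            findings.append("lookalike")  # e.g. '1' in place of 'i'
        elif any(b in host for b in BRANDS):
            findings.append("brand-in-untrusted-host")  # substring heuristic
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

SAMPLE = """<a href="http://www.citibank.com.account-check.example/login">https://www.citibank.com/login</a>
<a href="https://c1tibank.example/">Sign in</a>
<a href="https://www.ebay.com/">ebay.com</a>"""  # constructed e-mail body
```

Calling scan(SAMPLE) returns a list of findings per link; an empty list means none of these particular checks fired, not that the link is proven safe.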

Be alert of pop-ups

Be careful if you are sent to a website that first displays a pop-up window asking you to enter your user name and password. Phishing scams may lead to a legitimate site but use the pop-up to gain your account information.


Give a fake password

If you are not sure whether a site is authentic, do not use your real password to sign in. If you enter a fake password and you appear to be signed in, then most likely you are on a phishing site. Do not enter any information and immediately close your browser. At times, some phishing sites automatically display an error message regardless of the password you have keyed in. So even though your fake password was rejected, please do not assume the site is legitimate.


Use a web browser with anti-phishing detection

Both Internet Explorer and Mozilla Firefox web browsers have free add-ons or plug-ins that can help you detect phishing sites.














































About Us

Hi! Welcome to our E-Commerce Blog. We are students from University Tunku Abdul Rahman, BAC Group 12. Starting from today, we will be sharing our knowledge about E-Commerce by posting some related blogs. Hope it will be informative to you. Do send us your comments. Thank You.