Wednesday, June 18, 2008

Phishing - Examples and its prevention methods

Phishing is a criminal or fraudulent action carried out through e-mail, instant messages, link manipulation, filter evasion, website forgery or phone phishing. The purpose of the “phisher” is to steal others' usernames, passwords, and credit card details.


Examples:

The phishing e-mail shown above targets PayPal users. The spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that it is a phishing attempt. The e-mail also lacks a personal greeting; other signs that the message is a fraud are misspellings of simple words and the threat of consequences, such as account suspension, if the recipient fails to comply with the message’s requests.



Some phishers show official-looking logos from real organizations, or identifying information taken from legitimate websites, in their pop-up windows. The example above shows a deceptive URL that links to a scam website. It could be a phony scam site or a pop-up window that looks like the official site. Once you are at one of these “spoofed” websites, you might accidentally reveal your personal information.

Phrases like “Verify your account”, “If you don’t respond within 48 hours, your account will be closed”, “Dear Valued Customer” and “Click the link below to gain access to your account” might trigger you to send your personal information to the con artists.
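The clues described above (an IP address in the link, link text that names a different site than the link target, and the stock phrases) can be checked mechanically. The following is an added example, not part of the original post; the function names, indicator labels and the sample message are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases the post quotes as typical phishing wording (matched lower-case).
PHRASES = ("verify your account", "your account will be closed",
           "dear valued customer", "click the link below")
# Constructed sample message; 192.0.2.10 is a documentation-only address.
SAMPLE = """<p>Dear Valued Customer,</p>
<p>Verify your account within 48 hours or your account will be closed.</p>
<p><a href="http://192.0.2.10/paypal/login.htm">https://www.paypal.com/login</a></p>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # also accepts scheme-less text such as "www.site.tld/x"
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(html):
    """Return the sorted indicator names found in an HTML e-mail body."""
    found, parser = set(), LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        target = host_of(href)
        try:
            ipaddress.ip_address(target)  # raises ValueError for a normal hostname
            found.add("ip-address-link")
        except ValueError:
            pass
        # Visible text looks like a URL but the link goes to another host.
        if re.match(r"(https?://|www\.)", text, re.I) and host_of(text) != target:
            found.add("text-href-mismatch")
    body = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", html)).lower()
    found.update("phrase:" + p for p in PHRASES if p in body)
    return sorted(found)
```

Calling `phishing_indicators(SAMPLE)` reports the IP-address link, the mismatch between the visible link text and its real target, and three of the quoted phrases. A message with none of these indicators returns an empty list, which does not prove it is legitimate.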


There are some methods to prevent phishing (anti-phishing):
1) Be suspicious of any e-mail with urgent requests for personal financial information.

Phishers will always use upsetting phrases to make victims react immediately so that they can acquire their information. Beware of any suspicious e-mail unless the e-mail is digitally signed.

2) Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle.

3) Avoid filling out forms in e-mail messages that ask for personal financial information.

4) Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.

The yellow lock near the bottom of the screen is usually considered another indicator that you are on a 'safe' site. When double-clicked, it displays the security certificate for the site. Don’t continue if the site displayed does not match the certificate.

5) Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like "http://www.gotyouscammed.com/paypal/login.htm?" Be aware of where you are going.

6) Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.

For example, Internet Explorer version 7 and EarthLink ScamBlocker.

7) Regularly log into your online accounts.

8) Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.

9) Ensure that your browser is up to date and that security patches are applied.

10) Always report "phishing" or “spoofed” e-mails to the following groups:

