Wednesday, February 4, 2009

Phishing: Example and its prevention methods

What is Phishing?
In the field of computer security, phishing is a fraudulent attempt to acquire confidential information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Websites that are frequently spoofed by phishers include popular social websites (YouTube, Facebook, MySpace, Windows Live Messenger), auction sites (eBay), online banks (Wells Fargo, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs).

Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake window whose look and feel are almost identical to the legitimate one. Phishing is an example of the social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. The best way to protect ourselves from phishing is to learn how to recognize a phish.


Phishing Examples:
Email users are being bombarded with authentic-looking messages that instruct them to provide sensitive personal information. Phishing occurs when a consumer receives a deceptively legitimate-looking email from what appears to be a reputable company.

What to look for in a phishing email:
  1. Generic greeting - Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like "Chase Bank Customer Update Department" so they don't have to type out all recipients' names and send emails one by one. If you don't see your name, be suspicious.
  2. Forged link - Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don't click on the link. Also, websites where it is safe to enter personal information begin with "https" - the "s" stands for secure. If you don't see "https", do not proceed.
  3. Requests personal information - The point of sending a phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
  4. Sense of urgency - Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.
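The four checklist items above can be applied mechanically to a message. The following is an added example, not code from the original post: it runs the checks over a constructed sample e-mail (the keyword lists, the sample text and the .test hostnames are assumptions chosen for illustration), comparing each link's displayed URL with its real href the way the mouse-over check does.

```python
import re
from urllib.parse import urlparse

# Constructed sample (not a real message) showing the checklist's four warning signs.
SAMPLE_SUBJECT = "Your account has been blocked - act now"
SAMPLE_BODY = """
<p>Dear Valued Customer,</p>
<p>Your account will be suspended within 24 hours unless you verify your
password and credit card details immediately.</p>
<p><a href="http://chase.example-login.test/verify">https://www.chase.com/verify</a></p>
"""

GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user", "dear member")
URGENCY_WORDS = ("immediately", "within 24 hours", "suspended", "act now", "blocked", "hijacked")
INFO_WORDS = ("password", "credit card", "social security number", "account number")
LINK_RE = re.compile(r'<a\b[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def visible_text(html):
    """Strip tags so keyword checks run over what the reader actually sees."""
    return re.sub(r"<[^>]+>", " ", html).lower()


def forged_links(html):
    """(href, shown) pairs whose displayed URL names a different host than the real target."""
    forged = []
    for href, shown in LINK_RE.findall(html):
        real, seen = urlparse(href.lower()), urlparse(visible_text(shown).strip())
        if seen.netloc and seen.netloc != real.netloc:
            forged.append((href, shown.strip()))
    return forged


def phishing_indicators(subject, html):
    """Return the checklist items this message triggers, in checklist order."""
    text = visible_text(subject + " " + html)
    hits = []
    if any(g in text for g in GENERIC_GREETINGS):
        hits.append("generic greeting")
    if forged_links(html):
        hits.append("forged link")
    # Item 2 also says not to proceed unless the link is https.
    if any(urlparse(h.lower()).scheme != "https" for h, _ in LINK_RE.findall(html)):
        hits.append("non-https link")
    if any(w in text for w in INFO_WORDS):
        hits.append("requests personal information")
    if any(w in text for w in URGENCY_WORDS):
        hits.append("sense of urgency")
    return hits
```

Keyword matching of this kind is a coarse heuristic; it flags obvious mass-mailed phish but will miss messages that are personalised or avoid the listed phrases.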

PayPal Phishing Example:

PayPal is an online payment solution provider. It's like an online bank account at which you can receive funds and through which you can pay for products and services that you purchase on the web.

PayPal scam emails have the characteristic phishing attack features. The email subject is usually quite distressing and upsetting, such as "Your PayPal account has been hijacked", "Your PayPal account has been blocked", etc. Some even come in milder forms such as "An email address has been added to your PayPal account", which, though they seem harmless, are bound to elicit your interest.

Also, and this is important, a legitimate email from PayPal will be addressed to you - that is, it will carry your name (first name and last name). The phishing emails will, usually, not have this information - in most cases, scam artists have access only to the email address and not the full name of an individual.

How to Prevent Phishing Attacks?
Preventing phishing attacks does not require advanced security skills. Following some basic precautions can significantly reduce this growing problem.

Keep Your Email and Instant Message Addresses Private
The best way to keep yourself from being tempted to respond to a phishing scam is to prevent them from landing in your email box in the first place. You may find it useful to have a separate email address for financial institutions, one for trusted friends and family, and one for general or public use. Many email providers will allow you to redirect emails from each of these different addresses to one account to minimize the inconvenience of checking each account. Do everything possible to keep the address you use for financial transactions as private as possible.

Immediately Report Suspected Phishing Contacts
If you do receive a message you suspect to be a phishing scam, call the customer service phone number right away to confirm whether you've received an actual message or not. In addition, almost every bank and credit card lender has a website where you can report suspicious emails and instant messages. Typically, they will ask you to fill out a simple form that will give them enough information to trace the origin of the perpetrator.

Anti-Phishing Software
Some of the newer web browsers like Internet Explorer 7 or Firefox 3 have built-in software that can detect and warn against phishing links. Make sure the browser options are properly configured to enable these features. For more protection, an anti-phishing toolbar in the browser might be considered. Some of them can check online lists of websites with known problems.

The best way to avoid becoming a phishing scam victim is to use your best judgment. No financial institution with any sense will email you and ask you to input all of your sensitive information. In fact, most institutions are informing customers that "We will never ask you for your personal information via phone or email".



Related link:
http://en.wikipedia.org/wiki/Phishing
http://www.phishtank.com/what_is_phishing.php
http://www.privacyrights.org/ar/phishing.htm
http://www.webdevelopersnotes.com/articles/paypal_phishing_scam_email_attacks.php
http://ezinearticles.com/?How-to-Prevent-Phishing-Scams&id=1147318
http://security-antivirus-software.suite101.com/article.cfm/how_to_protect_yourself_from_phishing_attacks

Posted by Moo Hui Sin~
