Posted by: Angel | July 1, 2008

Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay or online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a website. Phishing is an example of social engineering techniques used to fool users.

 

EXAMPLES OF PHISHING

 

An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing secure information by “confirming” it at the phisher’s website. Note the misspelling of the words received and discrepancy.

(2) Phishing e-mail targeted at PayPal users.

 

An example of a phishing e-mail targeted at PayPal users. In an example PayPal phish (right), spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. A legitimate PayPal communication will always greet the user with his or her real name, not just with a generic greeting like, “Dear Accountholder.” Other signs that the message is a fraud are misspellings of simple words, bad grammar and the threat of consequences such as account suspension if the recipient fails to comply with the message’s requests. Note that many phishing emails will include, as a real email from PayPal would, large warnings about never giving out your password in case of a phishing attack. Warning users of the possibility of phishing attacks, as well as providing links to sites explaining how to avoid or spot such attacks, is part of what makes the phishing email so deceptive. In this example, the phishing email warns the user that emails from PayPal will never ask for sensitive information. True to its word, it instead invites the user to follow a link to “Verify” their account; this will take them to a further phishing website, engineered to look like PayPal’s website, which will then ask for their sensitive information.
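Three of the clues described above (an IP address in the link, a generic greeting, a threat of account suspension) can be checked mechanically in a mail filter. The following Python is an added example, not part of the original post; the sample message, the phrase lists and all function names are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body (not a real e-mail); 192.0.2.10 is a documentation address.
SAMPLE_HTML = """<p>Dear Accountholder,</p>
<p>We recieved a report of a discrepency. Your account will be suspended
unless you verify it within 24 hours.</p>
<p><a href="http://192.0.2.10/paypal/login">Verify your account</a></p>"""

# Assumed phrase lists for illustration; tune them for real mail.
GENERIC_GREETING = re.compile(r"\bdear\s+(account\s*holder|customer|user|member)\b", re.I)
THREAT = re.compile(r"\b(suspend(ed)?|suspension|terminat(ed|ion))\b", re.I)

class BodyExtractor(HTMLParser):
    """Collects link targets and visible text from an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

    def handle_data(self, data):
        self.text.append(data)

def host_is_ip(url):
    """True when the link's host is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:  # not an IP address, or an unparsable URL
        return False

def phishing_clues(html):
    """Return the names of the clues found in one message body."""
    parser = BodyExtractor()
    parser.feed(html)
    body = " ".join(" ".join(parser.text).split())
    checks = [
        ("ip_address_in_link", any(host_is_ip(h) for h in parser.hrefs)),
        ("generic_greeting", bool(GENERIC_GREETING.search(body))),
        ("threat_of_consequences", bool(THREAT.search(body))),
    ]
    return [name for name, hit in checks if hit]
```

A message that trips none of these checks is not thereby legitimate; as the text notes, even a personal greeting is no guarantee.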

 

PREVENTION METHODS

Be suspicious of any email with urgent requests for personal information.

  • Phishers have been known to include upsetting statements in their emails to get people to react immediately, a practice known as social engineering. More recently, some phishers have toned down their language as e-mail recipients have become more aware of the use of this tactic. Either way, the e-mail typically asks for information such as usernames, passwords, credit card numbers and social security numbers.

 

Be careful of emails that are not personalized and/or contain spelling errors and awkward syntax and phrasing.

  • Many phishing emails are sent in great bulk and, therefore, are not personalized. If you are suspicious of an email claiming to be from your institution that is not personalized, call your institution before responding.

 

Be careful of personalized emails that ask for personal financial information.

  • Be suspicious of any email that contains some personal financial information, such as a bank account number, and asks for other information such as a PIN. Your bank will never ask for or send you financial information by email.

 

Do not use links in an email to get to a bank's webpage.

  • Instead, call the bank on the telephone to confirm the address, or log onto the bank's website directly by typing the web address into your browser.

 

Do not complete forms in email messages that ask for personal information.

  • Your bank would never ask you to complete such a form within the body of an email message.

 

Only communicate information, such as credit card numbers or account information, via a secure website or the telephone.

  • A secure web server designation can be found by checking the beginning of the web address in your browser's address bar: the address should begin “https…” rather than just “http://…”. While you cannot be completely sure that a website is secure when its address starts with “https”, you can be sure the website is not secure when it does not.

 

Regularly log on to your online accounts and check your bank, credit and debit card statements to ensure that all transactions are legitimate.

  • One of the real advantages of banking online is being able to regularly review your account for unauthorized or unusual activity. If anything is suspicious, contact your bank and appropriate card issuers immediately.

 

Ensure that your internet browser program is up to date and that the most recent security updates have been applied.

  • Always visit your browser provider's homepage to download the latest security patches, even if they don’t alert you to do so.
