
Tuesday, June 17, 2008

Phishing: Examples and its Prevention Methods

What is Phishing?

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. PayPal, eBay and online banks are common targets.


Phishing is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has also been used.


Examples and Prevention Method of Phishing


Phishing emails


Phishing emails usually appear to come from a well-known organization and ask for your personal information, such as a credit card number, social security number, account number or password. Phishing attempts often appear to come from sites, services and companies with which you do not even have an account.


How to Prevent?


Important: To be completely safe from phishers, do not click links in emails. If in doubt, close your browser, reopen it, and type the web address for the site you want to visit directly into the Address bar.

  1. Unofficial “From” address: Look out for a sender’s e-mail address that is similar to, but not the same as, a company’s official email address.
  2. Urgent action required: Be wary of emails containing phrases like “your account will be closed”, “your account has been compromised”, or “urgent action required”. The fraudster is taking advantage of your concern to trick you into providing confidential information.
  3. Generic greeting: Fraudsters may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.
  4. Links to a fake web site: To trick you into disclosing your user name and password, fraudsters often include a link to a fake website that looks like the sign-in page of a legitimate website.
  5. Legitimate links mixed with fake links: Fraudsters sometimes include authentic links in their spoof pages in order to make the spoof site appear more realistic.

There are some indicators that an email might not be trustworthy:

  • Spelling errors, poor grammar, or inferior graphics.
  • Request for personal information
  • Attachments

Sample bogus e-mail from Citibank:



Example Phishing on eBay:



Phishing Web Site


A phishing web site (spoofed) tries to steal your account password or other confidential information by tricking you into believing you’re on a legitimate web site.

Important: If you’re at all unsure about a web site, do not sign in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser’s Address bar.


How to Prevent?



1. Incorrect company name: Look out for tricks such as substituting the number “1” for the letter “l” in a web address (for example, www.paypa1.com instead of www.paypal.com).

2. http:// at the start of the address on Yahoo! sign-in pages: A legitimate Yahoo! sign-in page address starts with “https://”. Look for the letter “s” following “http”.

3. Missing slash: Make sure a forward slash (“/”) appears after “yahoo.com” in the Address bar.


A slash (“/”) after “yahoo.com” can help identify a Yahoo! site.



For example, "http://www.yahoo.com:login&mode=secure" is a fake web site address.
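The three address checks above (look-alike company name, https://, slash after the host name) can be written as a small Python function. This is an added example, not part of the original post; the trusted-host list is a constructed assumption, and the "0"-for-"o" swap and the port check go slightly beyond the rules listed here.

```python
import re

# Assumption: host names the user really does business with (constructed list).
TRUSTED_HOSTS = {"www.paypal.com", "www.yahoo.com", "login.yahoo.com"}

# The page's "1" for "l" trick, plus the similar "0" for "o" swap.
LOOKALIKES = str.maketrans({"1": "l", "0": "o"})

# scheme://authority followed by whatever comes after the host part.
URL_RE = re.compile(
    r"^(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<authority>[^/?#]*)(?P<rest>.*)$", re.I
)


def check_url(url):
    """Return a list of warnings for a sign-in address; empty means no check failed."""
    m = URL_RE.match(url.strip())
    if not m:
        return ["not a full web address"]
    warnings = []

    # Check 2: a sign-in page address should start with https://
    if m.group("scheme").lower() != "https":
        warnings.append("address does not start with https://")

    # Check 3: a slash must follow the host name
    if not m.group("rest").startswith("/"):
        warnings.append("no slash after the host name")

    # Anything after ':' in the host part must be a numeric port
    host, colon, port = m.group("authority").partition(":")
    if colon and not port.isdigit():
        warnings.append("text after ':' is not a port number")

    # Check 1: the host must match a trusted name exactly
    host = host.lower().rstrip(".")
    if host not in TRUSTED_HOSTS:
        if host.translate(LOOKALIKES) in TRUSTED_HOSTS:
            warnings.append("host imitates a trusted name: " + host)
        else:
            warnings.append("host is not on the trusted list: " + host)
    return warnings


if __name__ == "__main__":
    for sample in ("https://www.paypal.com/signin", "http://www.paypa1.com/",
                   "http://www.yahoo.com:login&mode=secure"):
        print(sample, "->", check_url(sample) or "no warnings")
```
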


Both Internet Explorer and Mozilla Firefox web browsers have free add-ons (or “plug-ins”) that can help you detect phishing sites.


How to Spot Phishing Scams:


  1. Never reply to e-mail messages that request your personal information.
  2. Don’t click links in suspicious e-mail, and do not copy and paste links from messages into your browser.
  3. Use strong passwords and change them often.
  4. Don’t send personal information in regular e-mail messages.
  5. Do business only with companies you know and trust.
  6. Make sure the web site uses encryption.
  7. Help protect your PC. Use a firewall, keep your computer updated, and use antivirus software.
  8. Monitor your transactions. Review your order confirmations and credit card and bank statements.
  9. Use credit cards for transactions on the internet.






