Friday, February 6, 2009

Phishing: Examples and Prevention Methods



Day after day, computer users are bombarded with an increasing number of phishing-based emails and attacks.

WHAT IS “PHISHING”?

Phishing is a high-technology criminal process of attempting to acquire people's personal information, such as credit card details, the user name and password of an ATM card, or other sensitive personal or financial data. Once the thieves have the information, they may use it for the following things:

1. opening credit lines using your name and using them to buy expensive items such as gold and jewelry;
2. applying for loans from unauthorized financial institutions;
3. declaring bankruptcy using your name; or
4. committing crimes using your name.

Phishing is usually carried out by e-mail or instant messaging, and it often directs users to enter details at a website without raising any doubt. Phishing is an example of a social engineering technique, which takes advantage of the interaction between people and technology. People often trust information they receive via e-mail or from a website.


EXAMPLES OF PHISHING


















An example of a phishing e-mail, presented as an official e-mail from a (fictional) bank. The sender is trying to trick the recipient into revealing secure information by “confirming” it at the phisher’s website. Note the misspelling of the words received and discrepancy.



Example PayPal Scam Email:


You've added an additional email address to your PayPal account.

If you don.t agree with this email
philip@adelphi.net and if you need assistance with your account, please click here to login to your account.

To make sure you can use your PayPal account the next time you make a purchase, all you need to do is confirm or not your email address. If your email program has problems with hypertext links, you may also confirm your email address by logging in to your account.

Thank you for using PayPal!

Sincerely,
PayPal Customer Service

----------------------------------------------------------------


Here is what PayPal suggests:


Look for a PayPal Greeting
PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member." Real PayPal emails will address you by your first name and the last name or the business name associated with your PayPal account.

Don't share personal information via email
We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to https://www.paypal.com/.

Don't download attachments
PayPal will never send you an attachment or software update to install on your computer.
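
The three checks above, plus the advice to share account information only at https://www.paypal.com/, applied to a raw e-mail message. This is an added Python example, not part of the original post or any PayPal tool; the keyword list, the function names and the sample message (using the placeholder domain paypal.example) are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Greetings PayPal says it never uses (quoted in the advice above).
GENERIC_GREETINGS = ("dear paypal user", "dear paypal member")
# Assumption: words hinting at a request for a password or financial data.
SENSITIVE = re.compile(r"\b(password|pin|credit card|card number)\b", re.I)
# The only address the advice names for sharing account information.
TRUSTED_HOST = "www.paypal.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed sample message; paypal.example is a placeholder domain.
SAMPLE = """\
From: "PayPal" <service@paypal.example>
Content-Type: text/plain; charset="us-ascii"

Dear PayPal Member,
Please confirm your password at http://paypal.example/login today.
"""

def body_text(msg: Message) -> str:
    """Join the decoded text parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def paypal_indicators(raw_message: str) -> list:
    """Return the warning signs from the advice above found in a raw message."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    found = []
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    if SENSITIVE.search(text):
        found.append("asks for password or financial information")
    if any(part.get_filename() for part in msg.walk()):
        found.append("attachment")
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        # Compare the parsed host exactly, so look-alike hosts are flagged too.
        if parsed.scheme != "https" or parsed.hostname != TRUSTED_HOST:
            found.append("link outside https://www.paypal.com/: " + url)
    return found

if __name__ == "__main__":
    print(paypal_indicators(SAMPLE))
```

A message that passes all four checks is not proven genuine; the checks only surface the warning signs listed above.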


PREVENTION METHODS
1. Be aware of any email requesting personal information. Don't reply to any suspicious-looking emails or click on any links that you're unsure of.

Always ensure that you are on a secure connection to a web server when submitting personal information across the Internet. This is determined by:
· Seeing an https:// appear in the URL instead of http://
· Seeing a picture of a locked padlock in the lower right-hand corner of the BROWSER WINDOW, not the page itself. (Be careful: phishers sometimes display this icon on their own website to trick users into thinking they have a secure connection!)


2. Be suspicious of any email with urgent requests for personal information.

Phishers have been known to include upsetting statements in their emails to get people to react immediately. Others tone down their language so that recipients are more likely to believe them. Either way, the e-mail typically asks for information such as usernames, passwords, credit card numbers and social security numbers.

3. Be careful of emails that are not personalized and/or contain spelling errors.

Many phishing emails are sent in great bulk and are therefore not personalized. If you are suspicious of an email that claims to be from your institution but is not personalized, call your institution to confirm its validity before responding.

4. Be careful of personalized emails that ask for personal financial information.

Be suspicious of any email that contains some personal financial information, such as a bank account number, and asks for other information, such as a PIN. Your bank will never ask for or send you financial information by email.

5. Do not use links in an email to get to a bank's webpage.

Call the bank by telephone to confirm the address. You may also log on to the bank's website directly by typing the web address into your browser.

6. Do not complete forms in email messages that ask for personal information.

Your bank would never ask you to complete such a form within the body of an email message.

7. Regularly log on to your online accounts and check your bank, credit and debit card statements to ensure that all transactions are legitimate.

An advantage of banking online is that it enables you to regularly review your account for unauthorized or unusual activity. If anything is suspicious, contact your bank and the appropriate card issuers immediately.

8. Ensure that your internet browser program is up to date and that the most recent security updates have been applied.

Always visit your browser provider's homepage to download the latest security patches, even if they don't alert you to do so.
