Tuesday, February 10, 2009

Phishing

What is phishing?

Phishing is the act of sending an e-mail to people while claiming to be an established, legitimate enterprise, in an attempt to trick the user into surrendering private information for the purposes of identity theft. The e-mail is designed to fool the user and directs them to visit a website where they are asked to update personal information, such as passwords, credit card numbers and bank account numbers, that the legitimate organization already has. The website, however, is fake and set up only to steal the user’s information.

Here are some examples of phishing scams:

1. Washington Mutual Bank phishing e-mail
http://z.about.com/d/antivirus/1/5/x/1/wmb_phish.jpg

This is a phishing scam targeting Washington Mutual Bank customers. This phish claims that Washington Mutual Bank is adopting new security measures which require Bank customers to confirm their ATM card details. As with other phishing scams, the victim is directed to visit a fraudulent site and any information entered on that site is sent to the attacker.


2. PayPal phishing email
http://z.about.com/d/antivirus/1/5/5/2/paypal_phish.jpg

3. eBay phishing scam
http://z.about.com/d/antivirus/1/0/v/1/ebay_phish.jpg

PayPal and eBay were two of the earliest targets of phishing scams. In the example above, the PayPal phishing scam tries to trick recipients by pretending to be some sort of security alert. Claiming that someone 'from a foreign IP address' attempted to log in to your PayPal account, the e-mail urges recipients to confirm their account details via the link provided. As with other phishing scams, the displayed link is a fake one.

The eBay phishing e-mail even includes the eBay logo in an attempt to gain the trust of users. The e-mail warns that a billing error may have been made on the account and urges the eBay member to log in and verify the charges.

4. Citibank phishing scam
http://z.about.com/d/antivirus/1/5/u/1/citibank_phish.jpg

The attacker claims to be acting in the interests of safety and integrity for the online banking community. Of course, in order to do so, you are instructed to visit a fake website and enter critical financial details that the attacker will then use to disrupt the very safety and integrity they claim to be protecting.

How to Spot a Phishing Scam

At first glance, it may not be obvious to recipients that what is in their inbox is not a legitimate e-mail from a company with whom they do business. The "From" field of the e-mail may show the .com address of the company mentioned in the e-mail, and the clickable link may also appear to take you to the company's Web site, but will in fact take you to a spoof Web site. Looks can be deceiving, but with phishing scams the e-mail is never from who it appears to be!

1. The "From" field appears to show the legitimate company mentioned in the e-mail. It is important to note, however, that it is very simple to change the "From" information in any e-mail client. While we're not going to tell you how, rest assured it can be done in a matter of seconds!

2. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.

In this instance, the text you click is "here". However, it may also read something like "Log in to Citibank" or "www.citibank.com/secure" to be even more misleading. This clickable area is only text and can be changed to anything the sender wants it to read.
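The two tells just described (a "From" address that does not match where the links really go, and link text that reads like a legitimate address while the underlying link points elsewhere) can be checked mechanically. The script below is an added example written for this post, not something from the original article; it runs over a constructed sample e-mail using the reserved documentation address 198.51.100.7 and the reserved `.example` top-level domain, so no real site is referenced. The `registered_domain` helper is a deliberate simplification (last two DNS labels) and a production filter would use the Public Suffix List instead.

```python
"""Flag the phishing tells described above in a constructed sample e-mail.

Two defensive checks:
  1. Every <a href> whose visible text looks like a URL or host name is
     compared against the domain the link actually points to.
  2. Every link domain is compared against the domain in the "From" header.
     The "From" header itself can be forged, so a match proves nothing; a
     mismatch, however, is exactly the inconsistency a reader should spot.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (hypothetical addresses, not a real phish).
SAMPLE_EMAIL = """\
From: Citibank Security <security@citibank.com>
To: customer@example.org
Subject: Verify your account
Content-Type: text/html

<html><body>
<p>Please log in <a href="http://198.51.100.7/citi/login">here</a> to verify.</p>
<p>Or visit <a href="http://citibank.com.login-verify.example/secure">www.citibank.com/secure</a>.</p>
<p>Help: <a href="https://www.citibank.com/help">https://www.citibank.com/help</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Naive registrable domain: 'www.citibank.com' -> 'citibank.com'.
    Bare IP addresses are kept whole. A real filter would consult the
    Public Suffix List to handle names such as 'example.co.uk'."""
    host = host.lower().strip(".")
    if host.replace(".", "").isdigit():
        return host
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def host_of(text):
    """Host name of a URL-ish string; accepts 'www.x.com/path' without a scheme."""
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname or ""


def looks_like_url(text):
    """True when the visible link text would be read as an address by a user."""
    lowered = text.lower()
    return "://" in lowered or lowered.startswith("www.")


def find_phishing_tells(raw_email):
    """Return a list of (kind, visible_text, actual_href) findings."""
    msg = message_from_string(raw_email)
    _, sender = parseaddr(msg.get("From", ""))
    from_domain = registered_domain(sender.rpartition("@")[2])

    parser = LinkExtractor()
    parser.feed(msg.get_payload())

    findings = []
    for href, text in parser.links:
        link_domain = registered_domain(host_of(href))
        # Tell 3 from the post: the text says one address, the link goes elsewhere.
        if looks_like_url(text) and registered_domain(host_of(text)) != link_domain:
            findings.append(("text/href mismatch", text, href))
        # Tell 1 from the post: the link does not go where the sender claims to be.
        if link_domain != from_domain:
            findings.append(("off-sender domain", text, href))
    return findings


if __name__ == "__main__":
    for kind, text, href in find_phishing_tells(SAMPLE_EMAIL):
        print(f"{kind:20} visible={text!r:32} actual={href}")
```

Run as-is, it reports three findings for the sample: the "here" link goes to a bare IP address rather than the sender's domain, and the "www.citibank.com/secure" link both contradicts its own text and leaves the sender's domain; the genuine help link produces no finding. The same logic applied to the PayPal and eBay examples above would flag their links the same way, because in every case the displayed address and the real destination disagree.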

There are several steps you can take to keep from being a victim of phishing, including these:

* Be cautious of email asking for your personal information
* Don’t click on the link within emails that ask for your personal information
* Never enter personal information in a pop-up screen
* Protect your computer with spam filters, antivirus and antispyware software, and a firewall
* Only open email attachments you are expecting and know what they contain
