Wednesday, February 4, 2009

Phishing: Examples and its prevention methods.




What is phishing?


Phishing is a form of online fraud in which a perpetrator criminally and fraudulently steals people's information, such as usernames, passwords, credit card numbers and bank account numbers, invading their privacy.
Communications purporting to be from popular social web sites (YouTube, Facebook, MySpace), auction sites (eBay), online banks (Bank of America), online payment processors (PayPal), or IT Administrators (Yahoo) are commonly used to lure the unsuspecting.


How does phishing work?

Phishing is carried out through e-mail and instant messaging. Perpetrators create a fake website that looks similar to the legitimate one and use it to steal information from people; the fake e-mail they send usually redirects to this fake website.
Phishing occurs when a consumer receives a deceptively-legitimate looking e-mail from what appears to be a reputable company. The e-mail asks recipients to update their credit card information or their account will be promptly terminated. Or the message offers a service to protect their credit cards from possible fraud.

The best way to protect yourself from phishing is to learn how to recognize a phish.

Phishing e-mail:



What to look for in a phishing e-mail:

1. Generic greeting: Phishing e-mails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one. If you don’t see your name, be suspicious.
2. Forged link: Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the e-mail. If there is a discrepancy, don’t click on the link. Also, websites where it is safe to enter personal information begin with ‘https’ – the ‘s’ stands for secure. If you don’t see “https”, don’t proceed.
3. Requests personal information: The point of sending a phishing e-mail is to trick you into providing your personal information. If you receive an e-mail requesting your personal information, it is probably a phishing attempt.
4. Sense of urgency: Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

Example of Phishing email from PayPal:



Example of Phishing email from Citibank:


Example of Phishing email from eBay:



Example of Phishing email from YouTube:





Phishing website:


What to look for in a phishing website:

1. Poor resolution: Phishing websites are often poor in quality, since they are created with urgency and have a short lifespan. If the resolution on a logo or in text strikes you as poor, be suspicious.
2. Forged URL: Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Read URLs from right to left – the real domain is at the end of the URL. Also, websites where it is safe to enter personal information begin with “https” – the “s” stands for secure. If you don’t see “https”, do not proceed. Look out for URLs that begin with an IP address such as http:// - these are likely phishes.
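
The "Forged link" and "Forged URL" checks above can be automated when triaging a reported message. The following is an added example, not part of the original post: it pulls each link out of an HTML e-mail body and reports which of those warning signs it shows. The brand list, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed brand -> real registered domain map, and a constructed three-link e-mail body.
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}
SAMPLE_EMAIL = """<a href="http://paypal.com.secure-login.example/">https://www.paypal.com/</a>
<a href="http://192.0.2.10/update">Update your details</a>
<a href="https://www.paypal.com/help">www.paypal.com</a>"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Also accepts bare link text such as "www.site.com/login".
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def registered_domain(host):
    # Simplified right-to-left read: last two labels (.co.uk etc. need the Public Suffix List).
    return ".".join(host.split(".")[-2:])

def check_link(href, text):
    host = host_of(href)
    real = registered_domain(host)
    # Only treat the visible text as a URL when it looks like one.
    shown = host_of(text) if "." in text and " " not in text else ""
    checks = {
        "not-https": urlsplit(href).scheme != "https",
        # Numeric host: dotted or integer IPv4, or an IPv6 literal.
        "ip-address-host": host.replace(".", "").isdigit() or ":" in host,
        "text-href-mismatch": bool(shown) and registered_domain(shown) != real,
        "brand-outside-real-domain": any(b in host and real != d for b, d in BRANDS.items()),
    }
    return [name for name, hit in checks.items() if hit]

def scan_email(html):
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]
```

A link with no findings is not proven safe: the checks cover only the signs listed above, and a phishing site can also be served over https.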

Example of Phishing website from Paypal:



Example of Phishing website from Citibank:


Example of Phishing website from eBay:


Example of Phishing website from YouTube:



How to spot phishing scams:
1. Keep your e-mail and Instant Message Addresses Private
2. Immediately report suspected phishing contacts
3. Limit your dialogue
4. Never reply to e-mail messages that request your personal information
5. Don’t click links in suspicious e-mail; the link might not be trustworthy
6. Use a strong or different password for each of your accounts and change them frequently
7. Don’t send personal information in regular e-mail messages
8. Do business only with companies you know and trust
9. Help protect your PC: keep your PC updated and use antivirus software
10. Monitor your transactions; using just one credit card for online purchases makes it easier to track your transactions
11. Use credit cards for transactions on the Internet instead of debit cards to avoid the big credit limit from your bank account


If you receive a suspicious e-mail, you can send it to the US Federal Trade Commission at spam@uce.gov or you can just click the ‘report as junk’ button on your e-mail program.
Learn more about protecting yourself from online identity theft with the FREE Computer Safety Pro e-Course. http://www.ComputerSafetyPro.com
Microsoft also provides guidance on fighting spammers and phishing activities: http://www.microsoft.com/protect/yourself/phishing/identify.mspx


