Introduction
Phishing is the criminally fraudulent process of attempting to acquire personal information such as usernames, passwords and credit card details by posing as a trustworthy entity in an electronic communication. Popular social websites, auction sites, online banks, online payment processors and IT administrators are commonly impersonated to lure users. Phishing is normally carried out by e-mail or instant messaging, and it often directs users to enter details on a fake website that looks and feels like the legitimate one.
Below are examples of phishing:

In the example PayPal phish (above), the spelling mistakes in the e-mail and the presence of an IP address in the link are both clues that this is a phishing attempt. The legitimate PayPal will always greet users by their real name, not with a generic greeting like ‘Dear Accountholder’.

In the example above, the phishing e-mail uses the generic address ‘Dear USbank Cardmember’. The legitimate website will use the user’s real name, so we can tell that this is a phishing website.
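The two clues pointed out in these examples, a generic greeting and a link whose host is a bare IP address, can be checked automatically. The following is an added example, not part of the original post; the function names, the greeting pattern and the sample message are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed pattern: salutations like those quoted in the examples above.
GENERIC_GREETING = re.compile(
    r"\bdear\s+(account\s*holder|customer|user|member|\w+\s+card\s*member)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def host_is_ip(url):
    """True when the URL's host is an IPv4/IPv6 literal instead of a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:  # not an IP literal, or an unparsable URL
        return False

def phishing_clues(raw_email):
    """Return (clue, evidence) pairs found in the text parts of a raw e-mail."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        greeting = GENERIC_GREETING.search(body)
        if greeting:
            findings.append(("generic-greeting", greeting.group(0)))
        collector = LinkCollector()
        collector.feed(body)
        findings += [("ip-address-link", u) for u in collector.links if host_is_ip(u)]
    return findings

# Constructed sample message (documentation IP range, not a real phish).
SAMPLE = (
    "Subject: Your account\n"
    'Content-Type: text/html; charset="utf-8"\n\n'
    "<p>Dear Accountholder,</p>\n"
    '<p><a href="http://192.0.2.10/login">Confirm your details</a> or read '
    '<a href="https://www.example.com/help">our help page</a>.</p>\n'
)
```

A hit is only a reason to look closer; a message with neither clue can still be a phish.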
Methods for avoiding phishing
There are a few effective methods that help you avoid being phished:
1.) Do not trust email that urgently requests personal financial information. A phishing message will push the user to react immediately and therefore includes upsetting or exciting statements. Never give any account information on the web; no bank or internet commerce site will need to ask you for your account information. Report the incident to your bank or to the actual company that supposedly sent you the email so they can take steps to prevent the fraud from scamming people.
2.) Do not call any number or use any link in the suspected email, as this may put you in the hands of those responsible for the phishing attack. It is safer to type the bank’s specific address in the address field or call the bank’s specific number as found on their official pages. However, phishers can change your hosts file, which then redirects specific URLs to a page of their choosing.
3.) Be suspicious of impersonal emails, as phishing attacks are directed towards millions of people through email spam. The emails are therefore impersonal and general, whereas an email from your bank will usually be personal in nature.
4.) Do not fill out forms in email messages that ask for personal financial information. Typically, phishing scams or hoaxes will ask for personal information such as usernames, passwords, credit card numbers and security number through an online form. In fact, banking companies will never ask for account information. Therefore, a request for these types of information should ring the alarm bell.
5.) Try to log into your online accounts at least once a month or more frequently. Always check all credit, bank and debit card statements to make sure that all entries are accurate.
6.) Always ensure that you are using a secure website when you are submitting your financial information via a web browser. However, a phisher can get you to enter their own website and create a "secure link" for you to give all the information they need.
7.) Ensure that your browser is up to date and that security patches are applied. The Microsoft Internet Explorer browser has several security holes exploited by phishing attacks. Download the security patches from the Microsoft Security home page, http://www.microsoft.com/security/
8.) Help stop phishing by reporting "phishing attacks" or "spoofed" e-mails to the following groups:
· Forward the email to reportphishing@antiphishing.com
· Forward the email to the Federal Trade Commission at spam@uce.gov
· Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com"). When forwarding spoofed messages, always include the entire original email with its original header information intact.
· Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov
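Method 2 warns that a changed hosts file can redirect a bank address you typed yourself. The following check lists every hosts entry that overrides a domain you care about; it is an added example, not part of the original post, and the function name, the watched domain and the sample file contents are constructed.

```python
import ipaddress

def suspicious_hosts_entries(hosts_text, watched_domains):
    """Return (line_no, ip, hostname) for every hosts entry that names a
    watched domain or one of its subdomains. A normal hosts file has no
    entry for a bank's domain, so any hit deserves a look."""
    watched = {d.lower().rstrip(".") for d in watched_domains}
    hits = []
    for line_no, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                             # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first column is not an address
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in watched):
                hits.append((line_no, str(addr), name))
    return hits

# Constructed hosts file contents (documentation addresses and names).
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost
# 203.0.113.7 www.mybank.example    commented out, ignored
203.0.113.7  www.mybank.example mybank.example   # constructed redirect
198.51.100.4 intranet.corp.example
"""

if __name__ == "__main__":
    for hit in suspicious_hosts_entries(SAMPLE_HOSTS, ["mybank.example"]):
        print("hosts override: line %d maps %s -> %s" % (hit[0], hit[2], hit[1]))
```

To check a real machine, pass in the contents of `/etc/hosts` on Linux or macOS, or `C:\Windows\System32\drivers\etc\hosts` on Windows.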

