Sunday, June 22, 2008

Phishing: Examples and Prevention Methods

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.


Phishing normally uses e-mail messages that purport to come from legitimate businesses that one might have dealings with: banks, online organizations, Internet service providers, online retailers, and insurance agencies, such as Citibank, eBay, PayPal, Yahoo, MSN, and EarthLink.
The messages sent by phishers may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes.


Examples:
On Nov. 17, 2003, many eBay Inc. customers received e-mail notifications that their accounts had been compromised and were being restricted. In the message was a hyperlink to what appeared to be an eBay Web page where they could re-register. The top of the page looked just like eBay's home page and incorporated all the eBay internal links. To re-register, the customers were told, they had to provide credit card data, ATM personal identification numbers, Social Security number, date of birth and their mother's maiden name. The problem was, eBay hadn't sent the original e-mail, and the Web page didn't belong to eBay -- it was a prime example of phishing.



Citibank phishing examples


Flagstar Phishing example



There are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing.
One strategy for combating phishing is to train people to recognize phishing attempts and to deal with them. There are several signs that help the user recognize a phishing attempt.

(1) Spelling mistakes in the e-mail





(2) The presence of an IP address in the link



(3) Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. A legitimate PayPal communication will always greet the user with his or her real name, not just with a generic greeting like, "Dear Accountholder."


(4) Other signs that the message is a fraud are misspellings of simple words, bad grammar and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.
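
An added example, not part of the original post: a small Python check that looks for signs (2), (3) and (4) above in an HTML e-mail body. The function names, word lists and the two sample messages are constructed for illustration and would need tuning for real mail.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Links(HTMLParser):
    """Collect the href of every <a> tag in the message."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_is_ip(url):
    """Sign (2): the link host is a raw IP address instead of a domain name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:  # not an IP literal, or not a parseable URL
        return False

# Constructed patterns (assumptions, not taken from any product).
GENERIC = re.compile(r"\bdear\s+(account\s*holder|customer|user|member)\b", re.I)
_VERB = r"\b(suspen|restrict|terminat|clos)\w*"
THREAT = re.compile(_VERB + r".{0,60}\baccount\b|\baccount\b.{0,60}" + _VERB,
                    re.I | re.S)

def phishing_signs(html_body):
    """Return a sorted list of the warning signs found in an HTML e-mail body."""
    parser = _Links()
    parser.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip for text checks
    signs = set()
    if any(host_is_ip(h) for h in parser.hrefs):
        signs.add("ip-address-link")
    if GENERIC.search(text):                    # sign (3)
        signs.add("generic-greeting")
    if THREAT.search(text):                     # sign (4)
        signs.add("threat-of-consequences")
    return sorted(signs)

# Constructed sample messages (192.0.2.10 is a documentation-only address).
PHISH = ('<p>Dear Accountholder,</p><p>Your account will be suspended unless '
         'you verify.</p><a href="http://192.0.2.10/login">Verify now</a>')
LEGIT = ('<p>Dear Alice Tan,</p><p>Your June statement is ready.</p>'
         '<a href="https://www.example.com/statements">View</a>')
```

A message that triggers none of these checks is not thereby legitimate; as point (3) notes, even personal details are no guarantee.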

The best way to avoid phishing is to use your own judgement. No financial institution will request your personal information through e-mail. So don't let yourself get trapped by phishing.
