Monday, June 23, 2008

Phishing: Examples and Prevention Methods

Do you know what phishing is? Phishing is pronounced like “fishing”, but it is not the fishing that uses a rod of wood, steel, or fiberglass with a line for catching fish. Phishing is an attempt to criminally and fraudulently acquire sensitive information. A phisher creates a replica of an existing webpage to fool a user into submitting personal or financial information or passwords, such as credit card details. Usually, the phisher sends an email that directs the user to visit a website where they are asked to update personal information. However, the website they are asked to visit is a fake, set up only to steal the user’s information.

Examples
There are many examples of phishing on the Internet. The most common targets are PayPal, eBay, and online banks.

In 2003, many people received emails supposedly from eBay claiming that the user’s account was about to be suspended unless they clicked on the provided link and updated their credit card information, even though the genuine eBay already had their credit card information. The link appeared to lead to the eBay website, but it actually led to a fake website that looked like the genuine eBay website, with HTML code closely imitated by the criminal, the so-called “phisher”.

The second example is PayPal. In the PayPal example, there is a spelling mistake in the email, and the IP address in the link is different from the link that appears in the tooltip under the yellow box. These are the clues to a phishing attempt.

Besides that, there are examples of phishing against online banks, such as Citibank and Citizens Bank. Phishing emails aimed at online bank customers usually use psychological tricks, known as social engineering, and they usually play on users’ fears. The fake email looks very real compared with the real Citicorp email. Moreover, the link in the email contains the name “Citibank”, so users believe that it is an email from Citibank, but it actually has nothing to do with Citibank. In fact, the link that appears in the text of the message is likely to have little relation to the actual link contained in the underlying HTML code.


Prevention Methods
There are several techniques that users can use to fight phishing. The techniques are as follows:

1. Strengthen the Security
IT experts have built features into browsers to prevent phishing, such as extensions or toolbars. For example, Mozilla Firefox uses Google anti-phishing software. Besides, some specialized spam filters can reduce the number of phishing emails that reach their addressees’ inboxes. Strengthen personal firewalls and security software packages, and make sure that they are up to date.

2. Do Not Respond to Email Requests for Personal or Financial Information
The “phisher” uses psychological tricks to scare users. Users can instead call the relevant party to verify the request by phone. It is safer to do so.


3. Do Not Directly Click on the Provided Link
It is better to type the URL into your web browser yourself. Some URLs may look like the real URL, but the fraudsters have only masked the true destination.

2 comments:

Anonymous said...

Good job.... I will now be more alert to prevent phishing... Thanks for your informative share.

Anonymous said...

Just nice to look through and keep it on! Hmmn... the overall in this sweetheart blog is good n attracting!