Monday, June 16, 2008

Phishing.Phishing.Phishing.

Phishing

Definition: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. [Definition by Wikipedia]

>>Examples:

(i)*PayPal*

Signs that the message is a fraud include the lack of a personal greeting (although the presence of personal details would not be a guarantee of legitimacy), misspellings of simple words, and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.

(ii)*eBay*

Scammers phish on eBay to obtain eBay IDs, which are then used to sell fake or non-existent goods, or such accounts can be sold on in the underground market. In other words, the new owners of stolen eBay IDs are equipped with the positive feedback previously generated by the real owner, and use it to scam people.

>>Prevention Methods:

(i)Social responses

One strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. Education can be promising, especially where training provides direct feedback.

People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified" (or any other topic used by phishers), it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate.

Alternatively, the address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message.


(ii)Browsers alerting users to fraudulent websites

Another popular approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list. Microsoft's IE7 browser, Mozilla Firefox 2.0, and Opera all contain this type of anti-phishing measure.

To mitigate the problem of phishing sites impersonating a victim site by embedding its images (such as logos), several site owners have altered the images to send a message to the visitor that a site may be fraudulent. The image may be moved to a new filename and the original permanently replaced, or a server can detect that the image was not requested as part of normal browsing, and instead send a warning image.
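Both mechanisms described in this section, a lookup against a list of known phishing hosts and the server-side check that serves a warning image when a logo is embedded from outside the genuine site, as an added example that is not from the original post. The host lists, the Referer handling and the file names are assumptions.

```python
"""Added example: blocklist check and hotlinked-logo check on constructed data."""
from typing import Optional
from urllib.parse import urlsplit

# Constructed blocklist of known phishing hosts (placeholder domains, assumed).
PHISHING_HOSTS = {"paypa1-verify.example", "secure-ebay-login.example"}

# Hosts allowed to embed this server's images (assumed to be the genuine site).
TRUSTED_HOSTS = {"bank.example", "www.bank.example"}


def normalise_host(url: str) -> str:
    """Extract the host, lower-cased, without userinfo, port or trailing dot,
    so 'HTTP://user@Host:80/' and 'http://host/' compare equal. A list keyed
    on raw URL strings is trivially bypassed by such variations."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_known_phishing_site(url: str, blocklist=PHISHING_HOSTS) -> bool:
    """Match the host itself or any parent domain, so prepending a label such
    as 'login.' to a listed host does not escape the list."""
    labels = normalise_host(url).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def image_to_serve(referer: Optional[str], requested: str) -> str:
    """Server-side logo check: the real image is returned only when the
    referring page is on the genuine site; an outside referer gets the warning
    image. A missing Referer (some browsers strip it) is treated as unknown and
    the real image is served rather than breaking legitimate visitors."""
    if referer is None:
        return requested
    if normalise_host(referer) in TRUSTED_HOSTS:
        return requested
    return "warning.png"  # constructed file name for the warning image
```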


(iii)Beware of pop-ups

Pop-ups are one of the ways online fraudsters slip spyware onto your computer. They usually appear with a message claiming that your computer is infected with spyware, and provide a link that is supposed to remove it.


(iv)Adjust your browser settings to tighten up security

If you receive an email with a bad link in it, add the link to your 'Restricted Sites'. To do this go to Control Panel -> Internet Options -> Security. On the 'Security' tab go to 'Restricted Sites', move the slider to 'High' and remember to add the blocked sites so the computer knows which sites not to trust. Do the same in your email client and firewall.


(v)Legal responses

Companies have also joined the effort to crack down on phishing. On March 31, 2005, Microsoft filed 117 federal lawsuits in the U.S. District Court for the Western District of Washington. The lawsuits accuse "John Doe" defendants of obtaining passwords and confidential information. March 2005 also saw a partnership between Microsoft and the Australian government teaching law enforcement officials how to combat various cyber crimes, including phishing.
