Phishing

Discussion in 'Information Technology' started by pradeep, Jan 28, 2006.

  1. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,645
    Likes Received:
    87
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    http://blog.pradeep.net.in
    The type of email scam in which an email is sent claiming to be an established enterprise like eBay, Citibank, PayPal, Amazon.com, etc in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. For example you can get email in which it is written that:

    "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity. During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

    The word phishing comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting AOL users. Since hackers have a tendency to replacing "f" with "ph" the term phishing was derived.

    The people behind phishing e-mails are scam artists. They literally send out millions of these scam e-mails in the hopes that even a few recipients will act on them and provide their personal and financial information. Anyone with an e-mail address is at risk of being phished. Any e-mail address that has been made public on the Internet (posting in forums, newsgroups, or on a Web site) is more susceptible to phishing as the e-mail address can be saved by spiders a program that automatically fetch Web Pages, that search the Internet and grab as many e-mail addresses as they can. This is why phishing is profitable for scammers; they can cheaply and easily access millions of valid e-mail addresses to send these scams to. Some tips to avoid phishing are as follow:

    If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself.

    Use anti-virus software and a firewall, and keep them up to date as some phishing emails contain software that can harm your computer or track your activities on the Internet.

    Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

    A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software "patches" to close holes in the system that hackers or phishers could exploit.

    Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s"stands for "secure").

    Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances. Be cautious about opening any attachment or downloading any files from emails you receives, regardless of who sent them. These files can contain viruses or other software that can weaken your computer's security.
     
  2. sterling45

    sterling45 New Member

    Joined:
    Aug 13, 2006
    Messages:
    46
    Likes Received:
    1
    Trophy Points:
    0
    Phishing is a huge problem on the internet. I find that I recieve way too many paypal phishing sites. Just a suggestion for those who use paypal: they never ask for your password and the URL should always be paypal.com not some IP address.

    Great article! Thanks :)
     
  3. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,645
    Likes Received:
    87
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    http://blog.pradeep.net.in
    Phising is not just isolated to PayPal, people may use phising to get your email password, bank login password, so you need to be careful with all sites you login to using your password. Moreove, compromising your password on one site may make all other userids on different sites susceptible, 'cause most people use the same password everywhere.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice