Friday, June 20, 2008

Phishing: Examples and Prevention Methods

Phishing may also be referred to as brand spoofing or carding. It is a social engineering technique that uses fraudulent e-mail messages to gain personal information from recipients for the purposes of identity theft.

Normally, phishing e-mails are sent to people who are new to the internet or who are not aware of phishing frauds. These e-mails contain a link that looks like the real link but in fact is not. When users click directly on the link, they are spoofed by the phishers. PayPal, eBay, MSN, Yahoo, Best Buy and online retail stores are often the targets of phishers. A phishing e-mail may also appear to come from anywhere that a person has to register and supply financial information when opening an account. The fake link in the e-mail may not be obvious to recipients. Thus, recipients should be careful not to click directly on links in e-mails, especially e-mails sent in the name of a bank or credit card company. They should call the company using the number listed on the bank statement, not the phone number provided in the e-mail.
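
As an added example (not part of the original post), the Python sketch below checks each link in an HTML e-mail body and reports whether the site named in the visible link text matches the host the link actually points to. The sample message, the host names and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Host-like string inside visible link text, e.g. "www.bank.example".
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def bare(host):
    return host[4:] if host.startswith("www.") else host  # drop leading "www."

def verdict(shown_text, href):
    """Compare the host a link displays with the host it really targets."""
    actual = bare(urlsplit(href).hostname or "")
    m = HOST_RE.search(shown_text)
    if not m:
        return "no host in text"      # e.g. "Click here": nothing to compare
    shown = bare(m.group(1).lower())
    if actual == shown or actual.endswith("." + shown):
        return "ok"                    # same host, or a subdomain of it
    return "mismatch"                  # text names one site, link goes elsewhere

class LinkAuditor(HTMLParser):  # collects (text, href, verdict) per <a> element
    def __init__(self):
        super().__init__()
        self.href, self.text, self.links = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            self.links.append((shown, self.href, verdict(shown, self.href)))
            self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.links

# Constructed sample e-mail body; all host names are placeholders.
SAMPLE = """<a href="http://www.bank.example.attacker.test/login">www.bank.example</a>
<a href="https://help.bank.example/faq">www.bank.example</a>
<a href="http://attacker.test/signin">Sign in here</a>"""
```

Calling `audit(SAMPLE)` returns one tuple per link; a "no host in text" result is not a clean bill of health, it only means the visible text gives nothing to compare against.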


The phisher may also create a fraudulent website that requires victims to fill in details such as their name, bank account number, PIN, credit card number and social security number in order to register and log in. The fraudulent website looks similar to the real website, so visitors may not be aware of the difference. As a result, the phisher is able to obtain secure information from the visitor. Therefore, users should verify the website through the sign from www.Verisign.com to avoid the possibility of landing on a spoofed website.

Besides that, users may install anti-phishing software to protect themselves from frauds and scams by phishers. Some companies also augment password logins to prevent phishing. For example, Bank of America, with its website ID, is one of several banks that ask users to select a personal image and then display the selected image with any form that requests a password. In addition, users of the bank’s online services are instructed to enter a password only when they see the image they selected.

Here are some relevant websites and articles:

http://www.antiphishing.org/
http://www.mozilla.org/security/phishing-test.html
http://www.mailfrontier.com/docs/SurefirePhishingTips.pdf
