
What is phishing?

Phishing is pronounced like 'fishing', but it should not be confused with fishing. Phishing is a type of social engineering attack that attempts to trick individuals into revealing their sensitive information. It scams users by sending an e-mail or instant message that misrepresents itself as coming from an established, legitimate enterprise.

The common scenario is that the e-mail directs users to visit a Web site where they are asked to update personal information, such as passwords and credit card and bank account numbers, that the legitimate organization already has. Customers of banks and online payment services are usually the targets.

There are many methods of phishing. A common form is to craft a link in an e-mail that appears to belong to the spoofed organization, for instance through the use of subdomains. For example, the URL http://en.wikipedia.org/wiki/Genuine appears to take the user to an article entitled “Genuine”, but in fact it takes the user to the article entitled “Deception” when clicked.

Another form of phishing is the use of subject lines worded to arouse anxiety. For example, the subject “to restore access to your bank account …” in an e-mail will usually get instant attention, and most people will fall for the trick by clicking to read what happened. Another example of phishing is requiring users to update their information or change their passwords.






Methods to avoid being phished:
  • Do not trust e-mails that request personal information, especially financial information. Phishers include upsetting statements that trigger fear or happiness so that users react immediately. Therefore, do not click on the link attached in the email or give any account information on the web, as no bank or internet commerce site will ask for account information.
  • A link that has a name you recognize doesn't mean it links to the real organization. Roll your mouse over the link and see if the address shown matches what appears in the email. Do not click on the link if there is a discrepancy. Also, websites whose addresses begin with "https" are safe for entering personal information ("s" stands for secure).

  • Be sure not to call any number or use any link in the suspected email, as this may put you in the hands of the phisher. It is generally safer to type the specific address into the browser's address field or call the bank's specific number as found on its official pages.
  • Phishing emails are usually sent in large batches using generic names like "First Generic Bank Customer". If you do not see your name, be suspicious.

  • Users should keep healthy control over their bank accounts by regularly checking credit and debit card statements to ensure all transactions are legitimate. Contact your bank and all card issuers if you find anything suspicious.

  • Keep antivirus up to date and use anti-spyware software.







