
Phishing: Examples and prevention methods

What is Phishing?

Phishing is a fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Examples of Phishing
1. eBay:
On 17 November 2003, many eBay customers received an email notifying them that their accounts had been compromised and were being restricted. After they clicked the hyperlink provided in the email, a web page that looked just like eBay’s home page appeared. To re-register, the customers were told to provide credit card data, ATM personal identification numbers, Social Security number, date of birth and their mother’s maiden name. However, the problem was that eBay did not send the email and the web page did not belong to eBay.



2. Citibank:




The "From" field appears to be from the legitimate company mentioned in the e-mail. However, it is very simple to change the "from" information in any e-mail client. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.





In this instance, the text you click is "here". However, this may also state something like "Log-in to Citibank" or "www.citibank.com/secure" to be even more misleading. This clickable area is only text and can be changed to anything the sender wants it to read.

Additionally, you may spot some of these elements that did not appear in this particular scam:
Logos that are not an exact match to the company's logo, spelling errors, percentage signs followed by numbers or @ signs within the hyperlink, random names or e-mail addresses in the body of the text, or even e-mail headers which have nothing to do with the company mentioned in the e-mail.
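
The link checks described above (clickable text that does not match the real destination, and @ signs or percent signs followed by numbers in the hyperlink) can also be run automatically over an e-mail's HTML body. The Python example below is added here and is not part of the original post; the names `check_links` and `claimed_domain` and the sample links (with `example.net` standing in for the scam site) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def authority(value):
    """Return (netloc, lowercased host) of a URL or URL-like text; ('', None) if malformed."""
    try:
        parts = urlsplit(value if "://" in value else "//" + value)
    except ValueError:
        return "", None
    return parts.netloc, parts.hostname

def check_links(html_body, claimed_domain):
    """Return [(visible text, real host, [warnings])] for every link in html_body."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        netloc, host = authority(href)
        off_site = not host or not ("." + host).endswith("." + claimed_domain.lower())
        shown = authority(text)[1] if re.fullmatch(r"[^\s@]+\.[^\s@]+", text) else None
        checks = [
            (off_site, "destination is not the claimed sender's site"),
            (re.search(r"@|%\d", netloc), "@ sign or %<number> in the host part"),
            (shown and shown != host, "link text names a different host"),
        ]
        report.append((text, host, [msg for hit, msg in checks if hit]))
    return report

SAMPLE = ('<a href="http://login.example.net/verify">here</a> '  # constructed sample
          '<a href="http://www.citibank.com@login.example.net/">www.citibank.com/secure</a>')
```

Calling `check_links(SAMPLE, "citibank.com")` returns the real host for each link next to its visible text, which is the same comparison the browser's status bar allows when the link is highlighted.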


How to prevent it?



1. Never click directly on any link from your e-mail. Be suspicious when you come across a message that requires account verification.
2. Use a strong password and do not use the same password for more than one site. Change it frequently.
3. Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
4. Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
5. Stay alert and be cautious with e-mail and on Web sites.


Hopefully this information helps all users stay alert to phishers.

1 comment:

Anonymous said...

Phishing is a more powerful way to steal someone's confidential information by using emails. If someone is not alert, his or her information could easily be stolen.
In my opinion, we should always be alert about these kinds of emails.
