Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In short, phishing is a scam in which the attacker sends an email purporting to be from a valid financial or eCommerce provider in order to obtain username, passwords and other important details.
Examples
PayPal and eBay were two of the earliest targets of phishing scams. In the example below, it shows how the attacker does the phishing through link manipulation.
This PayPal phishing scams tries to trick recipients by pretending to be some sort of security alert. Claiming that someone 'from a foreign IP address' attempted to login to your PayPal account, the email urges recipients to confirm their account details via the link provided. In fact, as with other phishing scams, the victim is directed to visit a fraudulent site and any information entered on that site is sent to the attacker and thus, he can manage the recipient’s PayPal account.
Another example of phishing email from First Generic Bank:
Example of phishing email in attempting to get credit card information using the name of CitiBank
Example of phishing using the name of eBay
Example of phishing using the name of Yahoo
Example of phishing email in attempting to get credit card information
Besides that, phishing through link manipulation, the attacker can also phishing through website forgery. Some phishing scams use JavaScript commands in order to alter the address bar. An attacker can even use flaws in a trusted website's own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct.
Moreover, Phone phishing is also one type of phishing methods. Messages that claimed to be from a bank told its users to dial a phone number regarding the problem with their bank accounts. In fact, the phone number is owned by the attacker. Therefore, data of the users can easily be obtained as they are requested to enter their account numbers and PIN once the phone number is dialed.
Prevention
Tip 1
It is important that you must learn to recognize all types of phishing emails. You should make yourself aware that if you receive a message which needs you to take immediate action with regard to any of your personal accounts then you should contact your financial institution immediately via phone or in person. Most phishing emails will be addressed to either “Dear Valued Customer” or “Dear Sir/Madam”, while any legitimate emails from your bank or Credit Card Company will be addressed to you by name. It is important to know that the phisher who has sent the email in the first place is after your personal information in order to use it for fraudulent purposes.
Tip 2
Never ever send any kind of sensitive personal information using an email. Emails are not the most secure form of communication available for people to use on the Internet. Certainly many scammers are quite capable of producing an email that looks legitimate and so will be easily able to forge such a document and then gain your information in this way.
Tip 3
If you do have to transmit any personal information over the Internet then ensure that the site you are providing it to is completely secure. The best way for a person to identify if a site is secured or not is by looking at the site address. All websites which are considered to be secured should start with “https://” and not “http://”. Also if you look in the browser status bar you will see the lock icon being displayed.
Tip 4
If you ever receive an email from someone you do not know and it contains a link within it then do not click on it. Rather what you should be doing is opening up a new browser page and then typing in the address which you know to be the authentic website. Alternatively, you could call the person or company directly if you have had dealings with them and have spoken with them by telephone before.
0 comments:
Post a Comment