Tuesday, June 17, 2008

Phishing: Examples and Safeguards

So want to earn some easy money? Fishing is the way to go or it is phishing. With millions of people using the internet to do online transactions, many are unawared that some unscrupulous people had taken the advantage to conned this people for their financial gains.

In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is an example of social engineering techniques used to fool users.

It is an act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

Phishing is also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

An image showing how phishing works

Most phishing cases that i stumbled across while searching are normally financial institutions are being targetted where many fake e-mails had been sent to their customers to trick them into entering their personal information to gain access to their bank accounts. Here are some e-mails which found to be fake taken from the original website of the banks in Malaysia telling their customers to be more cautious.

1)Maybank:

http://www.maybank2u.com.my/online_security_watch/phishing_web_site.shtml#

2)PublicBank:

http://www.pbebank.com/en/en_content/info/phishing.html

For the past 20 years of my life, i have never been trick into submitting my personal details to fake e-mails because i do not really use the internet for any business transactions or anything that involves money. I am also skeptical about online transactions because of cases like phishing and other online threats, i do not feel safe using the internet for now maybe until i feel that there are adequate protection to prevent phishing.


The methods and safeguards that can be use to avoid be a victim to phishing would be:


1)If you get an email or pop-up message that asks for personal or financial information, do not reply. Legitimate companies don’t ask for this information via email.


2)Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.

Above are just a few methods to prevent phishing. Below are some websites which tell us how to avoid be a victim to phishing:

Chuang Computer Tips:

Tips on how to improve your computer performance, problems, security and many more.

1)http://www.chuangcomputer.com/blog/2007/08/secret-tips-to-prevent-phishing-attack.html

Internet Fraud Tips from the National Consumers League's Internet Fraud Watch

2)http://www.fraud.org/tips/internet/phishing.htm

Well there more to phishing but i am going to stop here. Last words, just be extra cautious and alert.

No comments: