Sunday, February 1, 2009

Phishing: Example and Prevention Methods

What is Phishing?

Phishing is a fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Popular social websites such as YouTube, Facebook and Windows Live Messenger, auction sites like eBay, and online banks and payment processors are frequent targets of phishing.
Phishing is typically carried out by e-mail or instant messaging. The message usually directs users to enter their sensitive information on a fake website that is almost identical to the legitimate one.

How does it work?
Most phishing methods use some form of technical deception designed to make a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs and the use of subdomains are common tricks used by phishers. For example, the link http://www.google.com@frame.fake.com/ may fool a user into thinking it opens a page on www.google.com; in fact the link directs the browser to a page on frame.fake.com, because everything before the @ is treated as a username (here www.google.com), not as the host.
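As an added illustration (not part of the original post), the following Python snippet shows how a browser actually interprets such links: the text before the @ is the username and the real host is what follows it, and a brand name planted as a subdomain of an unrelated domain is equally misleading. The brand list and the example.net link are constructed for this demo.

```python
from urllib.parse import urlsplit

# Brands whose names phishers commonly borrow (constructed list for the demo).
KNOWN_BRANDS = ("google.com", "ebay.com", "paypal.com", "citibank.com")


def analyse_link(url):
    """Return (real_host, reasons) for a link.

    real_host is the host the browser will really connect to; reasons is a
    list of strings explaining why the link looks deceptive (empty if none).
    """
    parts = urlsplit(url)
    real_host = (parts.hostname or "").lower()
    reasons = []

    # Trick 1: userinfo. In "www.google.com@frame.fake.com" the part before
    # the '@' is a username, so the browser connects to frame.fake.com.
    if parts.username:
        reasons.append("userinfo '%s' hides real host %s" % (parts.username, real_host))

    # Trick 2: brand name used as a subdomain of an unrelated domain, e.g.
    # www.paypal.com.example.net. Simplification: the registered domain is taken
    # to be the last two labels (ignores public suffixes such as co.uk).
    labels = real_host.split(".")
    registered = ".".join(labels[-2:]) if len(labels) >= 2 else real_host
    for brand in KNOWN_BRANDS:
        legitimate = real_host == brand or real_host.endswith("." + brand)
        if brand in real_host and not legitimate:
            reasons.append("brand %s appears in host but registered domain is %s"
                           % (brand, registered))
    return real_host, reasons


if __name__ == "__main__":
    for link in ("http://www.google.com@frame.fake.com/",
                 "https://www.google.com/",
                 "http://www.paypal.com.example.net/login"):
        host, why = analyse_link(link)
        print(link, "->", host, "; suspicious:" if why else "; ok", "; ".join(why))
```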
In another method, the phisher turns a bank or service's own scripts against the victim. The link sends users to sign in at the bank or service's genuine web page, where everything from the web address to the security certificate appears correct; in reality, the link has been crafted to carry out the attack. This method was used against PayPal in 2006.

Examples of Phishing
On 17 November 2003, many eBay customers received an e-mail notifying them that their accounts had been compromised and were being restricted. After clicking the hyperlink in the e-mail, a web page that looked identical to eBay's home page appeared. To re-register, customers were told to provide credit card data, ATM personal identification numbers, Social Security number, date of birth and their mother's maiden name. The problem was that eBay had not sent the e-mail and the web page did not belong to eBay.

Another example of phishing is the CitiBank phishing scam.

Upon clicking the link, the user is directed to an authentic-looking page.

How to prevent it?

1. Never click directly on a link in your e-mail. Be suspicious of any message that asks you to verify your account.

2. Use strong passwords and do not use the same password for more than one site. Change them frequently.

3. Do not reply to any e-mail that requests your personal information.

4. Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.

5. Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
