
Thursday, June 19, 2008

Phishing: Examples and Prevention Methods

We always hear the word "PHISHING", but what does PHISHING actually mean?

~It is a fraudulent attempt (usually made through email) to steal someone's personal details.~

Before we discuss further, let's look at the steps an attacker takes when carrying out a phishing attack:

1. Register a fake domain name [not mandatory]
2. Set up a look-alike webpage
3. Send email to hundreds of users

Let's see the EXAMPLES......

CITIBANK PHISHING SCAM



Upon clicking the link, the user is directed to the following authentic-looking page:


Another EXAMPLE:

WASHINGTON MUTUAL BANK PHISHING EMAIL

~This phish claims that Washington Mutual Bank is adopting new security measures which require confirming ATM card details. The victim is directed to a phishing site and any information entered is sent to the attacker.


HOW TO PREVENT IT?

1) Learn to recognise a "phish"

! Never click directly on any link from your email.

! Phishing emails are usually sent in bulk. To save time, they use a generic name such as "Dear Valued Customer". Therefore, be suspicious if you don't see your first or last name.

! Roll the mouse over the link and see if it matches what appears in the email.

! Websites where it is safe to enter personal information begin with "https"; the "s" stands for secure. As such, if you don't see "https", DO NOT PROCEED.

! Businesses should not ask you to send passwords, login names, or other personal information through email, so do not respond to any email asking for your personal details.

! Poor resolution: phishing websites are often poor in quality because they are created with urgency. If the resolution of a logo or of the text strikes you as poor, be suspicious.

! Read the URLs from right to left. The real domain name is at the end of the URL.

! Look out for URLs that begin with an IP address.
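The URL checks in the list above (https, IP-address hosts, reading the domain from right to left, and comparing the visible link text with its real target) can be applied to a link automatically. The sketch below is an added example, not part of the original post; the function names, the warning labels and the `example.com` / `example.net` sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def host_is_ip(host):
    """True when the host part is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def base_domain(host):
    """Read the host from right to left and keep the last two labels.
    Simplification: suffixes such as co.uk need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_link(shown_text, href, expected_domain):
    """Return the warning signs for one link taken from an email.
    shown_text: what the email displays; href: where the link really goes;
    expected_domain: the domain the reader knows belongs to the business."""
    warnings = []
    url = urlsplit(href)
    host = url.hostname or ""
    if url.scheme != "https":
        warnings.append("not-https")
    if host_is_ip(host):
        warnings.append("ip-address-host")
    elif base_domain(host) != expected_domain.lower():
        warnings.append("domain-mismatch")
    # "Roll the mouse over the link": compare the visible text with the target,
    # but only when the visible text itself looks like a URL or host name.
    shown = shown_text.strip()
    if "." in shown and " " not in shown:
        shown_host = urlsplit(shown if "//" in shown else "//" + shown).hostname or ""
        if shown_host != host:
            warnings.append("text-differs-from-target")
    return warnings

# Constructed sample links (example.com stands in for the real bank).
SAMPLES = [
    ("https://www.example.com/login", "https://www.example.com/login"),
    ("https://www.example.com/login", "http://192.0.2.10/login"),
    ("www.example.com", "http://www.example.com.account-check.example.net/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(href, "->", check_link(text, href, "example.com") or "no warnings")
```

In the third sample the host starts with the expected name, but reading from the right shows the link belongs to a different domain.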


For example,



2) Get antivirus and spyware protection that is current and up to date

Examples of anti-phishing freeware:

~ GFI-MailEssentials
~ Earthlink Toolbar Scamblocker
~ Webroot's Phish Net


3) Use Internet Explorer 7

~ Internet Explorer 7 includes the Microsoft Phishing Filter, which helps protect you from phishing websites by warning you about, or blocking you from, reported phishing web sites.

If a web site is a known phishing site, the Address Bar will turn red, and the Security Bar will appear.


4) Verify the URL

~ Example: PhishTank provides a service that you can use to verify a suspicious URL before you proceed with the transaction.





