Phishing

Posted by Beat of Passion On 8:37 PM


Phishing describes a method of online identity theft in which phishers send an e-mail to an Internet user, falsely claiming to be an established, legitimate organisation. Users who respond to such e-mails are lured to malicious web sites, where they are duped into disclosing personal details such as passwords and credit card, social security, and bank account numbers. In this way, phishers are able to commit identity theft, with possibly devastating consequences for the victim.


Websites that are frequently spoofed by phishers include eBay, PayPal and Yahoo.


Below is an example of a phishing scam targeting SunTrust bank customers. The e-mail tries to trick recipients by pretending to be some sort of security alert and claims that failing to comply with the instructions may result in account suspension. As with other phishing scams, the displayed link is bogus: clicking the link actually takes the recipient to the attacker's website.



Anti-phishing measures:

  • Be cautious with confidential information and e-mails:
    Internet consumers should familiarize themselves with the way in which legitimate organizations normally communicate with their clients. Legitimate companies usually refrain from asking clients to supply sensitive personal details via e-mail. If suspicious about an e-mail message, contact the institution that supposedly sent the message and verify the origin of the message.

  • Carefully examine the URL of the websites:
    The URL displayed in the address or status bar should be examined carefully. The longer the URL, the easier it is to conceal the true destination indicated by the link. Users have to beware of cloaked links hiding the actual destination of a link.

  • Protect computers with spam filters, anti-virus, anti-spyware software, and a firewall, and keep them up to date.

  • Adopt specific anti-phishing browser toolbars:
    Dedicated toolbars are specifically designed to determine whether a site is safe. They use a variety of technologies, including a database of known phishing sites, analysis of the URL and of the imagery and text on a site, and various heuristics.

  • Beware of an offer that appears too good to be true:
    It probably is. Treat with suspicion supposed “bargains” advertised on web sites. A request for users of online banking sites to complete an online banking survey for a monetary reward, for instance, is an example of a phishing scam, in which the phishers aim to steal the banking details of the account into which the reward is to be paid.



Additional resources for everyone:

