What is phishing?
The action of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
Example of phishing
For example, in year 2003 there is a proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organizations site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
Prevention method:
1.Regarding emails: DO NOT trust emails urgently requesting personal financial information !
2.Be sure not to call any number or use any link in the suspected email as this may put you in the hands of those responsible for the phishing attack.
3.Be suspicious of impersonal emails.
4.NEVER fill out forms in email messages that ask for personal financial information
5. Be suspicious of email links. Never trust it! There are ways to "spoof it" !
6. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
7. Regularly log into your online accounts
8. Ensure that your browser is up to date and security patches applied at http://www.microsoft.com/security/
9. Help stop phisching by reporting "phishing attacks" or “spoofed” e-mails to the following groups:
(i) Forward the email to reportphishing@antiphishing.com
(ii) Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com") when forwarding spoofed messages, always include the entire original email with its original header information intact.
1 comments:
thanks for sharing wen foo. Aside from the 9 methods given, i think we should always remain alert and doubtful whenever we encounter "weird" or "suspicious" websites.
Post a Comment