Saturday, 13 October 2012

What is Phishing?

Phishing (pronounced "fishing") is a type of online identity theft. It uses email and fraudulent websites designed to steal your personal data, such as credit card numbers, passwords, account data, or other sensitive information.
Google defines phishing as an attack that takes place when someone masquerades as someone else to trick you into sharing personal or other sensitive information with them, usually through a fake website.

Phishing Technique

A phishing attack mainly takes place in two stages:

Stage 1: Spam Emails

Hackers send fake emails that resemble a valid message from a well-known or popular web site or a company that the recipients might trust, such as a credit card company, bank, charity, or e-commerce shopping site. The e-mail message could contain threats, gifts or lottery-winner offers that excite the consumer into action, i.e. clicking on the spoofed links provided in the e-mail. These links look like legitimate e-commerce site links but actually connect to the hacker's website.

Stage 2: Hacker's website

The hacker will design a phishing (fake) website that has the same appearance as a legitimate e-commerce or banking website.
The purpose of the fake website is to trick consumers into providing the following personal information:
  • Name and username.
  • Address and phone number.
  • Password or PIN.
  • Bank account number.
  • ATM/debit or credit card number.
  • Credit card validation code (CVC) or card verification value (CVV).
  • Social security number (SSN).

So what does a typical phishing e-mail look like?

Here is an example of what a phishing scam may look like:


As part of our security measures, we regularly screen activity in the Paypal system. We recently contacted you after noticing an issue with your acount.

Please follow the link below to confirm your account details:

Note: If you do not fill account details, your account will be suspended.

Paypal Team

The scam email may contain spelling mistakes (such as "acount" above), since cyber-criminals are not known for their spelling; at least one link that looks legitimate but is actually spoofed; and threats (such as the suspension warning above) that threaten the user with account suspension or closure. The email will be sent in the name of a popular company.

Remember, a legitimate e-commerce website or bank will not ask for your personal or account details unless you are opening an account for the first time.
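To make the "link that looks legitimate but is actually spoofed" tell concrete, here is an added Python example (not from the original post) that parses an HTML e-mail body, flags anchors whose visible text names one domain while the href points to another, and lists the pressure phrases the post describes. The sample message and the `security-check.example` domain are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

THREAT_PHRASES = ("account will be suspended", "confirm your account", "unusual activity")
# Host-like token in visible link text, e.g. "https://www.paypal.com/" -> "paypal.com".
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?([\w-]+(?:\.[\w-]+)+)", re.I)
class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # hostname, lower-cased, without a leading "www."
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def spoofed_links(html):
    """(text, href) pairs whose visible text names one domain but whose href goes elsewhere."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown, target = HOST_RE.search(text), host_of(href)
        if not shown or not target:
            continue  # plain "click here" text gives nothing to compare
        claimed = shown.group(1).lower()
        if target != claimed and not target.endswith("." + claimed):
            flagged.append((text, href))
    return flagged

def threat_phrases(html):  # pressure wording of the kind quoted above
    return [p for p in THREAT_PHRASES if p in html.lower()]

# Constructed sample modelled on the lure quoted above; not a real message.
SAMPLE = """<p>We recently contacted you after noticing an issue with your acount.</p>
<p>Please follow the link below to confirm your account details:</p>
<p><a href="http://paypal.com.security-check.example/login">https://www.paypal.com/</a></p>
<p>Note: If you do not fill account details, your account will be suspended.</p>"""
```

Links whose target is the claimed domain or one of its subdomains pass; anything else is reported together with the text it was hiding behind.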

How to prevent Phishing?

1. Turn on Phishing Filter in Browsers

Below are steps to turn on phishing filters in major browsers:

1) Internet Explorer

Internet Explorer 9

To turn the SmartScreen Filter on or off, follow these steps:

1. Click the Tools icon, and then click Safety.
2. Click one of the following items:
  • Turn On SmartScreen Filter
  • Turn Off SmartScreen Filter
3. In the Microsoft SmartScreen Filter dialog box, select one of the following items, and then click OK:
  • Turn on SmartScreen Filter (recommended)
  • Turn off SmartScreen Filter

Internet Explorer 8

To turn the SmartScreen Filter on or off, follow these steps:
1. Start Windows Internet Explorer 8.
2. On the Safety menu, point to SmartScreen Filter, and then click one of the following:
  • Turn On SmartScreen Filter
  • Turn Off SmartScreen Filter
3. In the Microsoft SmartScreen Filter dialog box, click one of the following, and then click OK:
  • Turn on SmartScreen Filter (recommended)
  • Turn off SmartScreen Filter

Internet Explorer 7

To turn the Phishing Filter on or off, follow these steps:
1. Start Windows Internet Explorer 7.
2. On the Tools menu, point to Phishing Filter, and then click Turn On Automatic Website Checking or Turn Off Automatic Website Checking.
3. Confirm the selection, and then click OK.

2) Mozilla Firefox

In Mozilla Firefox, click on the Tools menu, select Options, select the Security tab, then select the check box "Block reported attack sites". Also select the check box "Block reported web forgeries".

3) Google Chrome

1. Click the Chrome menu on the browser toolbar.
2. Select Settings.
3. Click Show advanced settings and find the "Privacy" section.
4. Select the "Enable phishing and malware protection" checkbox.

2. Do Not Follow Links in E-mail

Do not follow links from your e-mail to banks or online commerce sites; instead, use your bookmarks or type in the web page address by hand.

3. Be Suspicious of E-mail Attachments

Do not open email attachments from people you don't know, even when they appear to be harmless things like screensavers or videos.
Scan attachments even if they have come from people you know.

4. Be Careful When Downloading Software

Do not download software from sites you don't trust, even if they claim it is required; if a site says that a plugin is necessary, go directly to the plugin vendor's web site instead.

5. Keep Your Operating System Up To Date

Keep your system up to date by applying security updates promptly for browsers and other applications, as well as your computer's operating system.

6. Use Secure Websites

When doing online transactions like payments, make sure you're on a secure web server: check the beginning of the web address in your browser's address bar; it should be "https://" rather than just "http://". Also check that the domain name is the one you expect, since "https://" only tells you the connection is encrypted, not that the site is the genuine one.

7. Check Your Bank Statements

Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.

8. Use Anti-Virus and a Firewall

Install a good antivirus and firewall and keep them updated.

Do you have anything to say? Please give your valuable comments and tips.
