Sunday, June 15, 2008

Phishing: Examples and prevention methods

Phishing is a criminal and fraudulent attempt to acquire sensitive information, such as usernames, passwords and credit card details, in an electronic communication. PayPal, eBay and online banks are common targets. Phishing is typically carried out by e-mail or instant messaging and often directs users to enter details at a website.


Chart: Increase in phishing reports from October 2004 to June 2005.


EXAMPLE:

(1) phishing e-mail targeted at eBay users.

Taken from: http://www.comfsm.fm/~dleeling/training/phishing2.html


(2) phishing e-mail, disguised as an official e-mail from a bank.

Taken from: http://en.wikipedia.org/wiki/Image:PhishingTrustedBank.png


(3) phishing e-mail targeted at PayPal users.


Taken from: http://en.wikipedia.org/wiki/Image:Paypal_Phishing.png


(4) phishing e-mail from Citibank.

Taken from: http://www.bankrate.com/brm/news/advice/Phishing-email.asp



PREVENTION METHODS:

A crude phishing attempt is easy to uncover: if you get an email from a bank where you have never opened an account, do not follow the link or enter your personal information. If you do have an account at that bank, you can check whether the bank really sent you the email by calling the bank.

Besides that, you must read the message carefully to see whether it contains any errors. Errors in the message can indicate whether it was sent by the institution or by a phisher.

In addition, you should examine the link provided in the email. For example, the email could instruct you to go to http://banking.about.com/od/securityandsafety/index.htm, but if you click the link you will find that you have been directed to a different site. The best way to prevent this is to copy and paste the link into your address bar. However, you can still get tricked by URLs that look legitimate but have one or two letters switched.
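The two link checks described above can be automated for an HTML message body. The following Python sketch is an added example, not part of the original post: the trusted-host list, the sample message, the `.invalid`/`.test` hostnames and the 0.85 similarity threshold are all constructed assumptions. Calling `audit_links(SAMPLE_EMAIL)` returns one finding for the link whose visible text and real destination differ, and one for the host that is a letter-swap away from a trusted host.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allow-list: the first host appears in the post, the second is made up.
TRUSTED_HOSTS = {"banking.about.com", "www.examplebank.test"}
# Constructed sample message body, not a real e-mail.
SAMPLE_EMAIL = """
<a href="http://login.invalid/verify">http://banking.about.com/od/securityandsafety/index.htm</a>
<a href="http://www.exampelbank.test/login">Sign in</a>
<a href="http://www.examplebank.test/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Lower-cased hostname if value looks like an absolute URL, else ''."""
    return (urlsplit(value).hostname or "").lower() if "://" in value else ""

def lookalike_of(host):
    """Trusted host that this one nearly matches (a letter or two off), else None."""
    return next((t for t in TRUSTED_HOSTS if host != t and
                 difflib.SequenceMatcher(None, host, t).ratio() >= 0.85), None)

def audit_links(html):
    """Return (href, reason) for each link whose destination deserves a second look."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for text, href in parser.links:
        shown, actual = host_of(text), host_of(href)
        # Check 1: the URL shown to the reader is not where the link goes.
        if shown and actual and shown != actual:
            findings.append((href, f"text shows {shown} but link goes to {actual}"))
        # Check 2: the destination is almost, but not exactly, a trusted host.
        if actual and (near := lookalike_of(actual)):
            findings.append((href, f"{actual} resembles {near}"))
    return findings
```

A similarity threshold only catches near-misses of hosts you have listed; it says nothing about a destination that resembles none of them.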

The best way to avoid phishing is to use your best judgment. No financial institution with any sense will email you and ask you to input all of your sensitive information online. In fact, most institutions will inform their customers that “We will never ask you for your personal information via phone or email”.
