What is phishing?
Phishing is a new type of network attack in which the attacker creates a website to fool users into giving up sensitive personal information such as user names, passwords, national security IDs and credit card details; the lure is delivered by e-mail and instant messaging. The most frequent method attackers use is to send e-mails to victims that look as if they were sent by a bank or an online organization, and then make up some reason, such as the need to re-enter login credentials or to receive an update of services. PayPal and eBay websites are common targets for them.
Phishing attack procedure methods
In general, phishing attacks are performed with four steps.
1.) Phishers set up a counterfeit website that looks exactly like the legitimate website. This includes setting up the web server, registering a DNS server name, and creating web pages similar to those of the legitimate site.
2.) They send large amounts of spoofed e-mails to target users in the name of those legitimate companies and organizations, trying to convince the potential victims to visit their websites.
3.) Recipients receive the e-mail, open it, click the spoofed hyperlink in the e-mail, and enter the requested information.
4.) Phishers take this opportunity to steal the personal information and commit fraud, such as transferring money from the victim's account.
How to identify fraudulent e-mails?
1.) Requests to update personal information- If you receive an e-mail claiming to be from Microsoft that requires you to update your credit card or other personal information, it is a phishing attempt.
2.) Generic greeting- Phishing e-mails are usually sent out in bulk, so they open with a greeting such as “Dear User” or “Dear Customer” and do not contain your first name and last name.
3.) Sense of urgency- Phishing e-mails generally use scare tactics. These messages convey a sense of urgency so that you will respond immediately without thinking, for example by stating that if the customer does not take action within 24 hours, the customer's account will be closed. If you see this, the message might be suspicious.
4.) Fake links- Normally, phishing e-mails hide the true URL, and the links listed in the e-mail are not related to the company's URL. Websites where it is safe to enter personal information begin with “https”, where the “s” stands for secure. If you do not see “https”, you must not proceed.
Below are examples of phishing e-mails (Example 1 to Example 4 were images and are not reproduced here).
How to prevent phishing?
There are several steps to prevent phishing. Firstly, detect and block phishing websites in time. When a phishing website is detected, it must be blocked immediately, and the owner of a legitimate website should periodically scan DNS registrations for suspicious look-alike names that imitate its own, for example www.1cbc.com.cn vs. www.icbc.com.cn.
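The look-alike domain check just described (www.1cbc.com.cn vs. www.icbc.com.cn), combined with the https and hidden-link checks from the "Fake links" item above, as an added Python example that is not code from the original post; the PROTECTED watch list, the confusable-character table and the sample inputs are constructed for illustration:

```python
# Added example, not code from the original post: flag look-alike domains such as
# www.1cbc.com.cn vs www.icbc.com.cn, and e-mail links that are not https or whose
# visible text names a different host than the real target.
import re
from urllib.parse import urlsplit
CONFUSABLES = str.maketrans({"1": "i", "l": "i", "0": "o", "5": "s", "3": "e"})  # look-alike chars
PROTECTED = ["icbc.com.cn", "paypal.com", "ebay.com"]  # constructed watch list

def strip_www(host):
    host = host.lower().strip(".")
    return host[4:] if host.startswith("www.") else host

def levenshtein(a, b):  # edit distance, used to catch one-character typo-squats
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, protected=PROTECTED):
    host = strip_www(host)
    if host in protected:
        return "legitimate"
    norm = host.translate(CONFUSABLES)  # 1cbc.com.cn -> icbc.com.cn
    verdict = "unrelated"  # other verdicts: legitimate, lookalike, embedded-brand
    for brand in protected:
        brand_norm = brand.translate(CONFUSABLES)
        brand_label = brand_norm.split(".")[0]
        # whole domain, or its first label, within one edit of the brand
        if min(levenshtein(norm, brand_norm),
               levenshtein(norm.split(".")[0], brand_label)) <= 1:
            return "lookalike"
        if brand_label in norm:  # e.g. paypal-login.com, paypal.com.evil.net
            verdict = "embedded-brand"
    return verdict

def assess_link(display_text, href):  # reasons an e-mail link deserves suspicion
    reasons = []
    target = urlsplit(href)
    if target.scheme != "https":
        reasons.append("not https")
    verdict = classify_host(target.hostname or "")
    if verdict in ("lookalike", "embedded-brand"):
        reasons.append(verdict)
    shown = re.search(r"(?:\w+://)?((?:[\w-]+\.)+[a-z]{2,})", display_text, re.I)
    if shown and strip_www(shown.group(1)) != strip_www(target.hostname or ""):
        reasons.append("link text and target host differ")
    return reasons
```

A mail filter or user-side tool would run assess_link over every hyperlink in a message and warn the user whenever the list of reasons is not empty.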
Second, use strong password protection. Users should use several different passwords instead of just one. Passwords should combine uppercase and lowercase letters, numbers and symbols so that phishers cannot guess them. If you use different passwords for your blog and your e-mail account, a phisher who gains access to your blogging account will be unable to use that password to access your e-mail account.
Third, do not click on suspicious links in e-mails. If you receive an e-mail that requires you to update private information by clicking a link directly from the e-mail, do not click it, and do not copy and paste links from messages into your browser, because the link might not be trustworthy. Instead, go to the organization's website directly by typing its address into the browser's address bar.
Fourth, do business only with companies you know and trust. Users should choose well-known, established companies with a good reputation for quality service. At a minimum, the business's website should have a privacy statement that specifically states that the company will not pass personal information to others.
Fifth, install anti-phishing software on the computer. When a user visits a website, the anti-phishing tool looks up the site's address in a blacklist stored in a database. If the visited site is on the list, the anti-phishing software warns the user. Such tools include ScamBlocker from EarthLink, PhishGuard, Netcraft and others.
Lastly, use a browser that has a phishing filter. Users can use the latest versions of browsers such as Firefox 3.x, Internet Explorer 7 and Opera 9.x. These browsers include phishing filters that provide a safer web browsing experience without interruption by phishing activities.
TQ for sharing......
People who use the internet should be aware of this PHISHING.... if not... you will really be 'DOWN'...~~