The customer is always right!
11 years ago
Tuesday, June 23, 2009
What is Phishing?
Phishing referred as brand spoofing or carding, is a variation on ‘fishing’, the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting. It is one of the greatest security problems that you face today while using your email account. In fact, phishing is a much more serious threat than the commonly heard about problems like spyware and viruses. If you are tangled in the network of fake links set by phishers, you can have severe financial loses. So, before anything of that sort happens, be on your guard and learn how to prevent phishing.
Examples of Phishing
1. Link Manipulation
Links are internet addresses that direct one to a specific website. We usually give out links to our personal blogs or digital album sites to our friends and family via emails or instant messages.
In phishing, these links are usually misspelled. One or two letters make a big difference and it will lead you to a different, and often fake, website or page. It is a form of technical deception. Phishers use sub domains. For example, a link appears to take you to an article entitled "Genuine"; clicking on it will in fact take you to the article entitled "Deception".
In phishing, these links are usually misspelled. One or two letters make a big difference and it will lead you to a different, and often fake, website or page. It is a form of technical deception. Phishers use sub domains. For example, a link appears to take you to an article entitled "Genuine"; clicking on it will in fact take you to the article entitled "Deception".
2. Filter Evation
This is the use of images instead of texts. Through this, anti phishing filters will find a hard time to detect the emails.
This is the use of images instead of texts. Through this, anti phishing filters will find a hard time to detect the emails.
3. Website Forger
There are some phishing scams that use JavaScript commands to alter an address bar. This directs the user to sign in at a bank or service of the phisher. This is where he will extract information from you. An attacker can even use flaws in a trusted website's own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page. The Flash-based websites avoid anti phishing techniques. This hides the text to a multimedia object.
There are some phishing scams that use JavaScript commands to alter an address bar. This directs the user to sign in at a bank or service of the phisher. This is where he will extract information from you. An attacker can even use flaws in a trusted website's own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page. The Flash-based websites avoid anti phishing techniques. This hides the text to a multimedia object.
4. Phone Phishing
This is done by using a fake caller ID data to make it appear that the call came from a trusted organization. The operator of the phone who answered your call will ask you to give your account numbers and passwords. There are many other phishing techniques. Some have developed counter-phishing techniques already but scammers continue to invent still newer tricks. Always be alert and never trust to give your most private details easily.How to prevent phishing? One of the easiest ways to prevent phishing is to install up-to-date antivirus software, such as Anti-Virus PLUS. Provide your email account with a phishing protection program, such as Spam Controls to keep away possible phishing emails. Even after applying such phishing filter, you cannot stop such spam. In that case, use your brain to be convinced that your bank already has that information and would not request you to confirm them over emails. The other thing that you can do in place of phishing software is to contact the company in question and crosscheck the authenticity of the mail.
0 Comments:
Subscribe to:
Post Comments (Atom)
