Saturday, June 21, 2008

Phishing: Examples and Prevention Methods

In computing, phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

EXAMPLE:

In 2003, users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.

Prevention Methods:

Downloads

  • Establish a download policy for your household or workplace. This is especially important if young people share the computer as game and file sharing sites are major sources of spyware.
  • Banish peer-to-peer file sharing completely. Or, if that will cause a revolution in your household, banish it to a non-networked, standalone computer which contains no financial or other personal information. Do not use this computer to access financial Web sites or other sites which require a log-in or store account details. Treat this computer as a pariah.
  • Before downloading, read the software licence (EULA) in its entirety.

Email

  • Never click links in spam.
  • Never buy spam-advertised products.
  • Never click links to financial institutions or log-in sites; instead, open your browser manually and type the address in directly, or use a previously saved bookmark for the site.
  • Establish a Web-based email account and use it for all non-critical email. Do not download this mail to your local machine; view it online instead.
  • Never open attachments from unknown sources.
  • Scan attachments from known sources for viruses before you open them.

Browsers

  • Always read links and dialog boxes carefully before you click online.
  • Never click the Close or Cancel link in a pop-up. Often these links are coded to install spyware.
  • Close pop-ups using the X in the top right-hand corner, or click the window's title-bar and press Alt+F4.
  • If a pop-up has no apparent way to close it, use Ctrl+Alt+Del to terminate your browser. If you're using Internet Explorer, this will have the unfortunate side effect of restarting the Windows Explorer as well (another reason for not using Explorer).
  • Watch how questions are phrased online. Frequently, they are phrased in a way which makes it hard to work out how to avoid signing up for something, or a series of No, No, No responses will precede a question which requires a Yes to avoid accidental sign up.
  • Set your browser to kill pop-ups. Most browsers display a notice when they block a pop-up, so you can always allow a specific pop-up if it's on a trusted site.
  • Check for updates to your browser each week.
  • Regularly check security settings of your browser, to ensure they have not been changed. For example, check that IE's Trusted Sites list contains only those sites you have added.
  • Look for the https:// prefix (note the 's' on the end) in the Web address, indicating a secure site, before entering sensitive information online.
  • Watch for subtle changes in the way a site appears. If it doesn't look right, close your browser.
  • Patch all browsers on your system, not just the one you use as the default. One recent attack used a flaw in Firefox's Java plug-in to worm its way into Internet Explorer and from there to launch pop-ups. Remember that Internet Explorer is integrated into Windows in all sorts of ways, so you must patch it even if you don't use it. IE is used by Messenger, Outlook Express, Digital Imaging Studio and many other programs even if you have chosen another browser as your default.
  • Use Microsoft Update to keep Windows patched.

The information above was obtained and refined from:


1 comment:

Anonymous said...

Phishing is such an unethical thing to do...hope those prevention methods are really useful in preventing....