Phishing is a type of social engineering attack in which fraudulent communications are used to trick the user into giving out sensitive information, such as passwords, bank account information and other confidential details.
A phishing attack usually involves a fake communication, supposedly from a trusted corporation or institution, which uses an alarming pretext such as "restoring access to a bank account" to pressure the user into providing their sensitive details. The communication is most commonly done via e-mail, but phishing attacks by instant messages and SMSes are also known.
Phishing e-mails can appear to be from any bank, PayPal, eBay, credit card companies, or online retail stores.
Here are a few steps to spot a phishing e-mail:
1. The "From" field appears to be from the legitimate company mentioned in the e-mail. It is important to note, however, that it is very simple to change the "From" information in any e-mail client.
2. The e-mail will usually contain logos or images of the company mentioned in the scam e-mail. These are usually GIF files taken from the authentic company’s website.
3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.
In this instance, the text you click is "here". However, it may also read something like "Log-in to Citibank" or "www.citibank.com/secure" to be even more misleading. This clickable area is only text and can be changed to anything the sender wants it to read.
4. The golden rule to avoid being phished is to never ever click the links within the text of the e-mail.
Examples of phrases to look for in phishing scam e-mails:
"Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.
"You have won the lottery"
The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money which often includes references to big companies, such as Microsoft. There is no Microsoft lottery.
"If you don't respond within 48 hours, your account will be closed"
These messages convey a sense of urgency so that you'll respond immediately without thinking might have been compromised.
http://www.youtube.com/watch?v=sqRZGhiHGxg
1 comments:
I have received plenty of phishing e-mails which really annoyed me. So one of the ways I used to avoid them is to only receive mails from my contacts. ;)