Tuesday, June 23, 2009

Phishing: Examples and Prevention Methods

  • Phishing is an attempt at online identity theft in which an attacker obtains confidential and sensitive information from an individual by posing as a trustworthy entity in an electronic communication. Phishing scams usually arrive as e-mail messages, posts on social networking websites, forged websites that accept donations for charity, or instant messages. The message typically contains links that lead the user to a forged copy of the official or legitimate website and ask them to enter details such as usernames, passwords and credit card numbers.

  • Phishing scams
    Example 1: Below is a phishing e-mail which disguises itself as the Internal Revenue Service (IRS) of the United States

Large numbers of e-mails are sent to potential victims advising them that they are under investigation by the IRS or that they have a refund pending from the IRS. The e-mail then asks the intended victim to “click here”, a link contained within the e-mail, which leads to a site posing as the IRS website and prompts the victim for personal information, credit card numbers and credit card PINs.

Tips to avoid being a victim
• Taxpayers should be aware that government entities such as the IRS do not initiate taxpayer communications through e-mail. The IRS never sends out unsolicited e-mails requesting personal information, credit card information or PINs.
• Do not reply, open any attachments or click on any links if you receive an e-mail claiming to be from the IRS.
• If you believe the e-mail might be legitimate, contact the IRS by phone to inquire about your account, using a number from its official website or your own tax correspondence rather than one given in the e-mail. Most likely the e-mail is not legitimate.

Example 2: Bank phishing e-mails are very common too
Tips to avoid being a victim
• Most phishing e-mails are addressed to “Dear Valued Customer” or “Dear Sir/Madam”, while legitimate e-mails from your bank or credit card company will normally address you by name. Be suspicious if a generic greeting is used. Note, though, that a message addressed to you by name is not proof of legitimacy: a phisher who has obtained your name from another source will use it.
• Beware of forged links. HTML-formatted messages can contain links, or forms that you can fill out just as you would fill out a form on a website, and the text a link displays need not match the address it actually points to. Even if the visible link text shows a domain name that seems correct and authentic, the link may not lead to the real organisation. Do not click on links provided in the e-mail; instead, call the bank you usually deal with and enquire.

Notice in the following example that resting the cursor on the link reveals the real web address. If the address shown (often a bare string of numbers, i.e. an IP address) looks nothing like the actual company’s web address, do not click on it.

• “https” websites are safer than “http” websites: the “s” stands for “secure” and means the connection to the site is encrypted. Do not enter credentials on a site that is not “https”. However, “https” alone does not prove that a site is legitimate, since a phisher can obtain a certificate for a look-alike domain just as easily; always check that the domain name itself is the one you expect.
• If you do need to visit the site, do not click on the link provided in the e-mail. The best option is to open a new browser window and type in the address you know to be authentic. Alternatively, call the bank or company directly if you have dealings with them and have spoken to them by telephone before.
• Phishers create a sense of urgency so that people react immediately without thinking twice about what they are doing. Internet users should keep a clear head and avoid acting impulsively; that impulse is what turns them into victims.
• Generally, no legitimate business will ask its clients to send passwords, login names, PINs or any other kind of personal information by e-mail. If an e-mail requires you to submit personal data, it is probably a phishing attempt.
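The link checks described in the tips above can be automated. The script below is an added example written for this post, not code from the original article or from any bank or mail provider: it pulls every link out of an HTML e-mail body and reports the forgery signs discussed here, namely display text that shows one host while the link goes to another, a raw IP address as the host, the user@host trick that hides the real host behind a familiar-looking name, internationalised (xn--) labels that can imitate a real name, and plain http instead of https. The sample message and its hosts (examplebank.com, 203.0.113.5) are constructed for the example.

```python
"""Inspect the links in an HTML e-mail for the forgery signs described above.

Checks performed on every <a href="..."> in the message:
  * the displayed link text looks like a URL but points at a different host
  * the real host is a raw IP address (the "string of numbers" case)
  * the host is hidden behind a user@host prefix (http://bank.example@10.0.0.1/)
  * the host contains an internationalised (xn--) label that can mimic a name
  * the link is plain http rather than https
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _split(url):
    """urlsplit() that tolerates a missing scheme, as in link text 'www.bank.example'."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url)


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyze_link(href, text):
    """Return the list of reasons a link is suspicious; an empty list means none found."""
    parts = _split(href)
    host = (parts.hostname or "").lower()   # hostname is what follows the last '@'
    reasons = []
    if parts.username is not None:
        reasons.append(f"user@host trick: the real host is {host!r}, not {parts.username!r}")
    if _is_ip(host):
        reasons.append(f"host is a raw IP address: {host}")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append(f"host contains a punycode label: {host}")
    if parts.scheme == "http":
        reasons.append("plain http, not https")
    shown = text.lower()
    if shown.startswith(("http://", "https://", "www.")):
        shown_host = (_split(shown).hostname or "").lower()
        if shown_host and shown_host != host:
            reasons.append(f"displays {shown_host!r} but points to {host!r}")
    return reasons


def analyze_email(html_body):
    """Return [(href, text, reasons), ...] for every link in the message."""
    collector = _LinkCollector()
    collector.feed(html_body)
    return [(href, text, analyze_link(href, text)) for href, text in collector.links]


def suspicious_links(html_body):
    """Only the links that triggered at least one check."""
    return [(href, reasons) for href, _text, reasons in analyze_email(html_body) if reasons]


# Constructed sample message for this example; the hosts are documentation
# addresses, not a real bank and not a real phishing message.
SAMPLE_EMAIL = """
<p>Dear Valued Customer,</p>
<p>Your account has been suspended. Please
<a href="http://www.examplebank.com@203.0.113.5/login">click here</a>
within 24 hours, or visit
<a href="http://xn--examplebank-zfa.com/">https://www.examplebank.com/</a>.</p>
<p><a href="https://www.examplebank.com/contact">Contact us</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in analyze_email(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print("   !", reason)
```

Run against the sample, the first two links are flagged (the IP address hidden behind an "@", and a punycode host shown as the bank's real address) while the genuine contact link passes. The checks are deliberately simple; a host that merely looks similar to the real one (examp1ebank.com) is not caught by them, which is why the tip about typing the known address yourself still applies.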

Example 3: Phishing case with JavaScript on eBay.com
Perhaps the most sophisticated phishing scam is the one that uses JavaScript. Scammers can set up traps right on eBay.com because eBay allows JavaScript in listing pages. The internet criminal uses forged feedback to make buyers believe he has a good reputation on eBay. Compare the following:

Fake feedback (screenshot)
A feedback score of 120, a PayPal buyer protection button and PowerSeller status.

Real feedback (screenshot)
To learn more about the JavaScript scam, please refer to:
Acquiring personal information with JavaScript
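The reason the eBay case works is that seller-supplied listing HTML is rendered in the same page as the site's own trust indicators, so any script in the listing can rewrite them. The code below is an added example for this post, not eBay's code and not a description of how eBay actually filters listings: it shows the vulnerable path (the listing is inserted verbatim) beside a hardened path that strips active content from the seller's HTML before rendering. The listing markup, the id="feedback" element and the host 203.0.113.5 are constructed for the example.

```python
"""Strip active content from seller-supplied listing HTML before rendering it.

Dropped: <script>, <iframe>, <object>, <embed> and <applet> elements with
their contents, every on* event-handler attribute, and href/src/action
values using the javascript:, vbscript: or data: schemes (whitespace that
browsers ignore inside a scheme is removed before the check).
"""
import html
from html.parser import HTMLParser

BLOCKED_TAGS = {"script", "iframe", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action"}
UNSAFE_SCHEMES = ("javascript:", "vbscript:", "data:")


class ActiveContentStripper(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []        # rebuilt markup
        self.removed = []    # audit trail of what was dropped
        self._skip = 0       # > 0 while inside a blocked element

    def _clean_attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                self.removed.append(f"{tag}@{lname}")
                continue
            if lname in URL_ATTRS and value is not None:
                scheme_probe = "".join(value.split()).lower()   # "java\tscript:" -> "javascript:"
                if scheme_probe.startswith(UNSAFE_SCHEMES):
                    self.removed.append(f"{tag}@{lname}={value!r}")
                    continue
            kept.append((name, value))
        return kept

    @staticmethod
    def _render(tag, attrs, self_closing=False):
        parts = [f' {n}="{html.escape(v, quote=True)}"' if v is not None else f" {n}"
                 for n, v in attrs]
        return f"<{tag}{''.join(parts)}{' /' if self_closing else ''}>"

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            self._skip += 1
            self.removed.append(f"<{tag}>")
        elif not self._skip:
            self.out.append(self._render(tag, self._clean_attrs(tag, attrs)))

    def handle_startendtag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            self.removed.append(f"<{tag}/>")
        elif not self._skip:
            self.out.append(self._render(tag, self._clean_attrs(tag, attrs), True))

    def handle_endtag(self, tag):
        if tag in BLOCKED_TAGS:
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(data)

    def handle_entityref(self, name):
        if not self._skip:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self._skip:
            self.out.append(f"&#{name};")

    def handle_comment(self, data):
        pass   # comments are dropped; old browsers run conditional content in them


def sanitize_listing(markup):
    """Return (clean_html, list_of_removed_items)."""
    stripper = ActiveContentStripper()
    stripper.feed(markup)
    stripper.close()
    return "".join(stripper.out), stripper.removed


# Constructed page fragment and seller listing for this example; not taken
# from a real eBay page. The site's own feedback display is assumed to be
# the element with id="feedback".
PAGE_FEEDBACK = '<div id="feedback">Feedback score: 3</div>\n'
SELLER_LISTING = """<div class="description">
  <p onmouseover="document.getElementById('feedback').textContent='Feedback score: 120'">Great item, fast shipping!</p>
  <script>document.getElementById('feedback').textContent = 'Feedback score: 120 (PowerSeller)';</script>
  <a href="java&#9;script:location='http://203.0.113.5/signin'">Buy it now</a>
  <img src="http://example.invalid/item.jpg" alt="item">
</div>
"""


def render_unsafe(listing):
    """Vulnerable path: the seller's HTML lands in the page as-is."""
    return PAGE_FEEDBACK + listing


def render_safe(listing):
    """Hardened path: active content is stripped before the listing is rendered."""
    clean, _removed = sanitize_listing(listing)
    return PAGE_FEEDBACK + clean


if __name__ == "__main__":
    clean, removed = sanitize_listing(SELLER_LISTING)
    print(clean)
    print("removed:", removed)
```

In the unsafe rendering the inline script and the mouseover handler overwrite the site's real feedback score, and the "Buy it now" link runs script that sends the buyer to an attacker-controlled sign-in page; the hardened rendering keeps the text and the image but drops all three, and the `removed` list gives the site something to log. A deny-list like this one is enough to illustrate the point; a production sanitizer should instead allow-list the tags and attributes a listing may contain.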

Other prevention methods against phishing scams:
1. Upgrade your browser to Internet Explorer 7, which has a built-in Phishing Filter designed to warn you about, or block, potentially harmful websites. Filters of this kind rely on lists of known phishing sites and on heuristics, so a freshly created site may not be caught; they complement the checks above rather than replace them.
2. A good password manager helps to secure your logins: it stores your passwords encrypted and fills login forms for you, so the password is not typed and cannot be captured by a keystroke logger. Because it fills a password only on the exact site it was saved for, it will not release your credentials on a spoofed site whose address merely looks similar; a login page on which your password manager refuses to fill is itself a warning sign.
3. Phoolproof Phishing Prevention. Please refer to:
Phoolproof Phishing Prevention

Take a look at these interesting articles about Malaysia’s online security issues:
Cyber security in Malaysia Is rated above average
Phish, your money’s gone!

2 comments:

galaxycharm said...

Hi,

I would like to point out another common phishing example which occurs to Maybank customers. Check out the link below; I hope nobody will fall for such scams.

http://www.ictsecurity.gov.my/readTxtFile.jsp?URLLINK=MaybankPhishing.pdf

These bad people are really going over the limit; invading other people's privacy and stealing one's money is certainly unbearable. I hereby urge the society to be wary at all times, and please refer to the respective bank's employees whenever you stumble upon any enquiries.

Cheers.

e-line said...

hi galaxycharm,

yes, phishing is indeed prevalent in today's society. everyone should keep an eagle eye on any suspicious mails sent by banks or organisations. also, do think twice before performing any action as required in the mail.
further, one should acknowledge the fact that banks do not communicate with their customers through emails.

with all this, phishing scams could possibly be prevented.
