“Phishing is a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication; most attempts will entice email recipients or instant messenger users into clicking on a link that takes them to a bogus website.
The bogus website may prompt the recipient to provide personal information such as bank account number, passwords and/or it may download malicious software onto the recipient’s computer. Both the received link and bogus website may appear authentic; however, they are not legitimate.
There are several techniques by which “phishers” send an email, an instant message, a fraudulent URL or another communication that appears to be from a reputable organization. The malicious email could include notice of an account cancellation, a request to verify/update personal information, a warning to users of suspicious activity on their account, or just about anything else that would get you to respond to the communication” (capitalbank, 2006).
“The phishing process involves: Planning: phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers. Then setup: they create methods for delivering the message and collecting the data. After that, the attack: the phisher sends a phony message that appears to be from a reputable source. Collection: phishers record the information entered into Web pages or popup windows. Finally, identity theft and fraud: the phishers use the information they've gathered to commit fraud” (How phishing works).
“To protect yourself from phishing scams, do not reveal any personal information in e-mail, online or on the telephone unless you know who you are dealing with and why. Additionally, make sure you are in a secure environment; we can fight phishing scams by following common sense guidelines: be cautious about all communications you receive. Think before you click. Also, if the communication appears to be a phishing communication, do not respond; delete it. Do not click on any links listed in the email message and do not open any attachments contained in suspicious email. Do not enter personal information in a pop-up screen. Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens. In addition, for Internet banking applications: if you need to enter your account details, only access the site by typing the site's address directly into the browser. And educate yourself by knowing some information and techniques to protect yourself from phishing attempts.” (capitalbank, 2006).
Also, secure the hosts file: an attacker who compromises the hosts file on a desktop system can send a user to a fraudulent site. The hosts file stores a list of IP addresses, and the phisher takes advantage of it by adding an entry or modifying an existing one so that it redirects to the fraudulent link. This can be done via batch files that the phishers create.
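One way to check for the hosts-file tampering described above, as an added example that is not part of the original post: the script parses a hosts file and lists every entry that pins a name to a non-loopback address, so it can be compared against what the administrator put there. The sample file, its host names and the `EXPECTED_NAMES` baseline are constructed assumptions.

```python
import ipaddress
import os

# Names a stock hosts file normally maps to loopback (assumed baseline; extend per OS image).
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample: line 5 imitates a redirect entry, line 6 a malformed one.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost ip6-localhost
0.0.0.0       ads.example.net                                 # block entry
203.0.113.45  www.examplebank.test login.examplebank.test     # not added by the admin
not-an-ip     portal.example.org
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries that need review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "unparseable address"))
            continue
        for name in fields[1:]:                   # one line can redirect several names
            name = name.lower().rstrip(".")
            if name in EXPECTED_NAMES:
                if not ip.is_loopback:
                    findings.append((line_no, str(ip), name, "local name remapped"))
            elif ip.is_loopback or ip.is_unspecified:
                continue                          # sinkhole entry: the name resolves nowhere
            else:
                findings.append((line_no, str(ip), name,
                                 "name pinned to non-loopback address"))
    return findings

if __name__ == "__main__":
    path = (r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(*finding, sep="\t")
```

Entries the administrator added on purpose will also be listed; the point is that anything in the output that nobody can account for deserves investigation, along with the file's last-modified time and write permissions.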
“Phishing is a form of criminal conduct that poses increasing threats to consumers, financial institutions, and commercial enterprises. Because phishing is likely to continue in newer and more sophisticated forms, government agencies and the private sector will need to cooperate more closely than ever in their efforts to combat phishing, through improved public education, prevention, authentication.” (Report on phishing, 2006).
References:
Capitalbank, Phishing Scam. Available from: <http://www.capitalbank.jo/sites/default/files/Phishing%20Scam.pdf>.
HowStuffWorks, How phishing works. Available from: <http://computer.howstuffworks.com/phishing.htm>. [March, 2008]
Minister of Public Safety and Emergency Preparedness Canada and the Attorney General of the United States, October 2006, Report on phishing. Available from: <http://www.justice.gov/opa/report_on_phishing.pdf>. [October, 2006]