Thursday, June 19, 2008

Phishing: Examples and Prevention Methods

Have you ever been "phishing"? No, not fishing like in the sea, but "phishing". Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Despite advice and alerts from authorities and the media, unsuspecting online consumers are still taking the bait set by scamsters to steal their identity: largely credit card information, user IDs and passwords to online banking accounts. Well-known and trustworthy web sites, including eBay, Yahoo, PayPal, Best Buy and online banks, are often spoofed by phishers to lure victims.

One example of phishing involves online banking: phishers have also impersonated Maybank to obtain important information from victims. The first part involves sending an e-mail claiming to be from a bank, asking recipients to re-register or update their accounts by clicking on a URL link in the e-mail. When recipients click on the link, they are routed to a fake web site that looks similar to the original bank website.

The target victim only sees the bank's Internet address or domain name and not the real site address. This has to do with the way an unpatched (not updated) browser misinterprets special characters hidden in the URL link. Future attacks may involve web pages with the specially encoded URL instead of e-mail.

The methods and safeguards that can be used to avoid becoming a victim of phishing are:
  1. Don't click on links in unsolicited e-mails, especially those asking for your personal information.

  2. Ensure you are on the correct site by checking the URL (i.e. http://www.maybank2u.com.my/).

  3. Keep the URL in your "Favorites" or bookmark the web page to reduce the chance of making mistakes.

  4. Change your password regularly, and when you feel that your password has been compromised.

  5. Look for the ‘lock’ icon in the browser’s status bar before submitting financial information through the website; it indicates the security of the information transferred through the Internet.
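
The URL check in step 2 can be done mechanically rather than by eye. The JavaScript below is an added example, not part of the original post: it parses a link the way a browser does and reports why it does not lead to the expected bank site, going slightly beyond the cases named above by also flagging numeric and internationalised addresses. `TRUSTED_HOSTS`, `checkLink` and the sample links are assumptions made for illustration.

```javascript
// Added example, not from the original post. TRUSTED_HOSTS is an assumed
// allowlist; its single entry is the address given in step 2 above.
const TRUSTED_HOSTS = new Set(["www.maybank2u.com.my"]);

function checkLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return { ok: false, host: null, encrypted: false, reasons: ["not a valid absolute URL"] };
  }
  const host = url.hostname.toLowerCase();
  const reasons = [];

  // "http://bank@other.example/": everything before "@" is a login name, not the site.
  if (url.username !== "" || url.password !== "") {
    reasons.push("text before '@' is not the site address");
  }
  // Raw numeric addresses hide who operates the site.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    reasons.push("numeric address instead of a domain name");
  }
  // Look-alike letters from other alphabets appear as non-ASCII input or "xn--" labels.
  if (/[^\x00-\x7f]/.test(link) || host.split(".").some((l) => l.startsWith("xn--"))) {
    reasons.push("internationalised characters in the address");
  }
  // The trusted name used only as the leading part of a longer, different domain.
  for (const trusted of TRUSTED_HOSTS) {
    if (host !== trusted && host.startsWith(trusted + ".")) {
      reasons.push("trusted name is only a prefix of " + host);
    }
  }
  if (!TRUSTED_HOSTS.has(host)) {
    reasons.push("host " + host + " is not on the trusted list");
  }
  return { ok: reasons.length === 0, host, encrypted: url.protocol === "https:", reasons };
}

// Constructed sample links (the .example hosts and the IP are placeholders).
const SAMPLES = [
  "http://www.maybank2u.com.my/",
  "http://www.maybank2u.com.my@login.example/update",
  "http://www.maybank2u.com.my.account-update.example/",
  "http://192.0.2.10/maybank2u/",
];
for (const link of SAMPLES) {
  const r = checkLink(link);
  console.log(r.ok ? "OK  " : "WARN", link, r.reasons.join("; "));
}
```

The `encrypted` field corresponds to the lock icon in step 5: it is true only when the link uses `https:`.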
