PC Security Step 9 - What You Should Know About Phishing
Are you Safe From Phishing Attempts?
You can say that the Internet is a short cut for “international networking.” By just logging on, you can connect to people all over the world. They may be people you personally know or people you just know online. Whatever the case, there is always somebody on the other end of your Internet connection.
As accessible and easy daily life is now thanks to the Internet, there are disadvantages from this convenience. Criminal activities such as eliciting sexual activities on the web are an example of online problems society has to deal with.
Another online criminal activity is phishing. Phishing is acquiring personal information like passwords and credit card details by pretending to be a representative of a company. Phishing is done through email or instant messaging.
It is called ‘phishing’ because it is similar to the recreational activity fishing. It ‘fishes’ for users’ personal information such as passwords and financial data.
Phishers have been known to create accounts on AOL by using fake algorithmically generated credit card numbers. These accounts are maintained for a number of months. Due to the reports of phishing incidences, AOL has brought in measures preventing this from happening by securing the data of their users and confirming the information of those signing up for AOL accounts.
On AOL, a phisher pretends that he is an AOL employee and sends out instant messages to a random customer that asks for passwords of their account. Luring the victim further, the phisher includes in the message “verify your account” or “confirm billing information.”
Thus, a number of clients get lured in and give off their password. Once the phisher gains access of this sensitive information, he can use the victim’s account for spamming. Check your inbox and take a look at the spam messages you’ve received. Yes, those are real names of people. These people’s accounts have been hacked and are now being used to relay spam messages.
Because of this, AOL assures their clients that no one from the staff of AOL asks for their personal or billing information. Also, AOL has created a system that deactivates accounts as soon as there are signs that it is used for phishing.
Other recent phishing incidences involve that of the Internal Revenue Service. There is a way for phishers to know the bank of their potential victim. Then they pose as an employee of that bank and send an email to their victim.
Also, social networking sites can be a home base for phishers because personal details that have been printed online are used for identity theft. Statistics show that over 70% phishing attempts are done in social networks.
Another technique used by phishers is coming up with a link in an email that belongs to a fake organization. They often use misspelled URLs or sub domains to trick potential victims.
Note the web address and check the @ symbol. For example, http://www.google.com@members.tripod.com may be a link that can easily deceive anyone casually observing the page. However, whoever clicks on this will be merely directed to a page that simply does not exist.
To tend to this problem, Internet Explorer and Mozzilla give users the option of either continuing or canceling their surfing. With a warning message, the user can just go to that questionable page or not.
There are some phishing scams that utilize JavaScript commands. These alter the address bar and are done by imposing a picture of a credible entity URL over it. These visually deceive a casual Internet user.
Another phishing technique is the cross-site scripting. Here, the culprit uses a legitimate company’s own scripts on a potential victim. In doing so, the user is directed to sign in for the services of the imposed company. The security certificates and web address appearing on the page may seem correct for the non-professional eye. In truth though, this link the potential victim has clicked on is a way for a phisher to know his personal and financial information.
Damages from phishing are:
1. Loss of access to email that can also lead to financial loss.
2. Identity theft making the victim vulnerable to online criminal activities.
3. Access of public records
Once sensitive information such as credit card numbers, social security numbers and mother’s maiden name are acquired, it will be so easy for the phisher to manipulate the account of his victim.
For every problem, there is a solution and anti-phishing techniques been created to prevent this online criminal activity from taking place. Users are taught to not believe every email sent to their inbox. When you get a message asking for your personal information, contact your bank or the company that supposedly sent you the email and verify it with them.
Then there is the Anti-Phishing Working Group that serves as the law enforcement association dealing with phishing incidences. From them, anti-phishing software can be downloaded by websites and uploaded as their homepage web content. Eventually, the toolbar displays the real domain name and serves also the guard dog against suspected phishers.
Installing Firefox and spam filters also protect the users from phishers. These programs reduce the email received by their clients.
In the end, it is all carefully reading the messages you receive in your email. As soon as it sounds suspicious, report it to the Anti-Phishing Working Group.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Recommended Resource to protect against phishing:
Firetrust MailWasherPro
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Stay secure!
Look for the next step in a few days:
“Download & Install Safely”
The information provided in this series is copyrighted material
and cannot be reprinted without the authors’ permission