Online security News

Monday, February 27, 2012

Dealing with Phishing

What is Phishing and how to avoid it?

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. (Wikipedia)

In a phishing attack, an attacker creates a dummy web site that appears to be identical to a legitimate web site in order to trick users into divulging private information. When a user visits the fake site, he is presented with a page that appears to be an authentication page for the legitimate site. On submitting their user name and password, however, the malicious site simply records the user's now-stolen credentials, and hides this activity from the user either by redirecting him to the real site or by presenting a notice that the site is "down for maintenance". Most phishing attacks target the financial services industry, most likely due to the high value of phished information related to financial transactions.

Phishing typically relies on the fact that the user will not examine the fraudulent page carefully, since it is often difficult to recreate pages exactly. Also, unless the URL is falsified as a result of DNS cache poisoning, a simple glance at the address bar could provide clues that the site is fake. These attacks are often facilitated by spammers who send mass e-mails that claim to be from legitimate financial institutions but which really contain links to phishing pages. See images below:

[Image: real Facebook login page]

Fake Facebook login page below; look at it carefully, then compare it with the real one:

[Image: fake Facebook login page]


In addition, spammers sometimes use their emails to deliver malicious software so as to render your computer helpless. Thus, it is important that you do not click on the link they provide, because that is the trigger that will load the software onto your system.

A TYPICAL EXAMPLE OF PHISHING :

You receive hundreds of emails in your mailbox, but one email catches your eye – it directs you to a website, requesting that you update your personal information. It requests such personal information as:

passwords
credit card numbers
social security number
bank account numbers

"It appears to be legitimate", you say to yourself. And you also notice that the emails are from companies that you have been doing business with for a while. Warning: The website could be bogus.

Here are several examples of phishing in action.
1. E-mails from PayPal or your bank asking that you verify your information because they feel that your account has been compromised, or heaven forbid, suspended. Same scenario, different company. DO NOT click on the link.
2. E-mails stating they are from eBay and they feel that your account may have been compromised and would like you to verify your information with the link they so conveniently supply. DO NOT click on it.
3. Here's a work-at-home scam – "We have seen your resume on Monster and feel you would fit our position. If you are interested, please go to our website, look over the experience required and submit your resume if you have this background." The website is professional looking, the offer looks good – but it could be a scam.
4. E-mail that states that an unauthorized transaction has occurred on your account: "Please click the link below and confirm your identity." DO NOT.


WHAT THE HELL DO THEY REALLY NEED?

In the above examples they are after information about you, be it passwords, credit cards, social security numbers, anything that can identify you – and that which they can use to profit from you.

The job email is used to verify that the email address is a true-blue, active email address. What do they do with this info? They sell these accounts to spammers for good money. They need to verify your email address because, if the spammers come up empty, this person's business is dead.


HOW TO VERIFY SAFELY

1. Emails requesting resumes – Verify their account before you send your resume. When verifying, these red flags should be considered:

1) If their business address is not verifiable – might be a scam.
2) If they are hesitant to provide a phone number – might be a scam.
3) If the website is new – might be a scam.
4) If they use a large company's name and that company never heard of them – might be a scam.
5) Again, verify this information before you send your resume.

2. If they want you to verify your account, do not cut and paste, or use the link they provide in the email. Close your Internet session, open a new session and enter the site that you have on record to verify.

TIPS TO PROTECT YOURSELF AGAINST PHISHING ATTACKS :

1. Use anti-virus software and make sure your firewall is on – keep them up to date.
A very good example of an antivirus that fiercely protects against phishing is Kaspersky. They provide a special system to make your transactions safe.
2. If you have a broadband connection, make sure you have a firewall in place.
3. Beware of emailing personal or financial information.
4. Before providing personal information – check to see if the site is secure – look for a lock icon. However, remember not all phishers are stupid – in fact, they could be computer savvy enough to forge security icons. Thus, look for a site whose link looks like this: https://www.thesite.com -- this shows that it is a secure site.
5. Coupons from respected companies – Verify that it is a true-blue coupon from the company.
6. When making transactions on the Internet – be it online banking, PayPal, Internet Gold, etc. – complete your transaction, log out of the website, and close out of your Internet Explorer – and then continue with a new session of Internet Explorer.

WHAT TO DO WHEN YOU HAVE DETECTED A PHISHING ATTACK :

If you encounter spam that is phishing, or are a victim of a phishing scam, you can forward the information to spam@uce.gov and to the company, bank or organization that the email may have stated they are from. In many cases, the other organizations have information on their website where you can report the attempted scam.

In addition, if you have been scammed, and you wish to file a complaint – go to ftc.gov.

In conclusion, no one is immune to spam or a scam. But try to be ever vigilant on the Internet.

KRAZA