Phishing: Examples and its Prevention Methods

Posted by PIRATES in UTAR on 6:37 AM

Have you ever heard the word “phishing” before? I’m sure many of you have not heard it before and do not even know what it means. Phishing is a term from the field of computer network security. “Phishing” is a form of internet fraud that aims to steal valuable personal information such as credit card numbers, social security numbers, user names, IDs and passwords. Still don’t understand? Let us simplify it: phishing is THEFT.

It has become an increasingly common problem for computer network users nowadays. So, how does phishing really work over the network? Phishing usually appears in the form of an e-mail or an instant message. When it appears as an e-mail, the senders usually use the name of a well-known organization so that your alertness is greatly reduced, which lets them steal your personal information. Phishing may also be attempted through a website that offers services for which you do not need an account.

With the extremely large population of internet users nowadays, phishing can reach us in many different ways. There are many types of phishing attack, such as deceptive phishing, malware-based phishing, key loggers and screen loggers, session hijacking, web Trojans, host file poisoning, system reconfiguration attacks, data theft, DNS-based phishing, content-injection phishing, man-in-the-middle phishing and search engine phishing.

However, the most common and most frequently used method of phishing is sending fraudulent e-mails. So what should you look for in order to identify a phishing e-mail?

1) Generic greeting – phishing e-mails are usually sent as spam in massive batches. Phishing criminals use generic names like ‘Dear Customer’ so that they can save time rather than typing out every recipient’s name. If an e-mail does not contain your full name, you should be suspicious of its reliability.
2) Forged link – usually there will be a link that takes you directly to a website, but it might not lead to the real organization or bank. When you see that the website address begins with “https”, then it is safe for you to enter your personal information; the “s” stands for secure.
3) Requests personal information – the main purpose of criminals sending phishing e-mails is to trick you into providing your personal information. So whenever you receive an e-mail that requests personal information, it is probably a phishing e-mail.
4) Sense of urgency – criminals will try to get your personal information in a hurry. They want you to update or provide personal information as soon as possible so that your account will not be suspended or closed. This makes victims act fast in order to ‘save’ their account. Beware of this sense of urgency.
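
The four indicators above can be checked mechanically. The following is an added example, not code from the original post: the keyword lists, the sample message and all function names are constructed for illustration. The forged-link check compares the host shown in the link text with the host in the `href`, because the scheme of a URL says nothing about who operates the site.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed keyword lists, one per indicator; tune them for real mail.
GREETING = re.compile(r"\bdear\s+(customer|user|member|client)\b", re.I)
PERSONAL = re.compile(r"\b(password|credit card|social security|date of birth)\b", re.I)
URGENCY = re.compile(r"\b(immediately|as soon as possible|suspended|closed)\b", re.I)
URL_TEXT = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class MailParser(HTMLParser):  # collects visible text and (href, link text) pairs
    def __init__(self):
        super().__init__()
        self.text, self.links, self.href, self.label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self.href is not None:
            self.label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.label).strip()))
            self.href = None

def host(url):  # host name of a URL written with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def forged_links(links):
    """Links whose visible text shows one host while the href goes to another."""
    return [(label, href) for href, label in links
            if URL_TEXT.match(label) and host(label) != host(href)]

def indicators(html_body):
    """Return which of the four indicators appear in an HTML e-mail body."""
    parser = MailParser()
    parser.feed(html_body)
    parser.close()
    body = " ".join(parser.text)
    checks = [("generic greeting", GREETING.search(body)),
              ("forged link", forged_links(parser.links)),
              ("requests personal information", PERSONAL.search(body)),
              ("sense of urgency", URGENCY.search(body))]
    return [name for name, hit in checks if hit]

# Constructed sample message (documentation IP address and .example domain).
SAMPLE_PHISH = ('<p>Dear Customer, your account will be suspended unless you confirm your '
                'password at <a href="http://203.0.113.7/login">https://www.mybank.example/login</a></p>')
```

Calling `indicators(SAMPLE_PHISH)` reports all four indicators; keyword matching of this kind is only a first filter and will miss messages that are worded differently.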

Examples of Phishing are as below:

Prevention Methods of Phishing:

Actually, there are a few technical methods to stop phishing attackers. The approaches are as follows:

1) Educate users – whenever you receive an e-mail that urges you to provide or update personal information such as a username, password, ID, credit card number, social security number, date of birth and so on, there is normally a high probability that it is a phishing e-mail, because a bank or company will not ask its customers for this by sending an e-mail. Users need to be alert when they receive phishing-like e-mails.

2) Detect and block the phishing websites in time – users must learn how to detect whether a site is a phishing site or not. Users can detect it by having the webmaster of a legitimate website scan the root DNS for suspicious sites. Users can also trace back the downloader of web pages at the web server.

3) Enhance the security of the websites – banks and owners of e-commerce businesses need to use hardware devices to enhance security and prevent phishing attacks. For example, every time customers make a purchase online, they are required to insert their credit card into a card reader and key in the correct password in order to perform the transaction. Another way is to implement biometric systems, in which customers are required to provide a voice, fingerprint or iris sample to confirm their identity.

4) Block the phishing e-mails with various spam filters – using Microsoft’s Caller ID and the Sender Policy Framework (SPF) helps to verify whether an e-mail was sent from an authorized server. It also determines whether the e-mail uses a spoofed e-mail address. If the e-mail address is fake, then the Internet service can determine that it is a spam e-mail.

5) Install online anti-phishing software on users’ computers – with anti-phishing software installed, if the visited site is on the blacklist, the anti-phishing tool warns the user immediately. The advantage is that the developers of this software are able to update the blacklist in time to protect users from phishing attacks. Besides, there is another tool available to users: a toolbar that checks the security of visited websites. It checks whether the domain name or URL is similar to a well-known domain name. The toolbar notifies users whether the website is verified and trusted.
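
The blacklist lookup and the domain-similarity check from item 5 can be sketched as follows. This is an added example, not the code of any particular anti-phishing tool: the blacklist, the list of well-known domains, the look-alike character table and the distance threshold of 2 are all constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed data: a real tool would load a maintained blacklist and brand list.
BLACKLIST = {"login-mybank.example"}
WELL_KNOWN = {"mybank.example", "shop.example"}
# Digits that are commonly used to imitate letters (assumed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_url(url, max_distance=2):
    """Return (verdict, detail) for a visited URL."""
    domain = (urlparse(url).hostname or "").lower()
    if domain.startswith("www."):
        domain = domain[4:]
    if domain in BLACKLIST:
        return "blocked", "domain is on the blacklist"
    if domain in WELL_KNOWN:
        return "trusted", "exact match for a well-known domain"
    for known in sorted(WELL_KNOWN):
        same_shape = domain.translate(HOMOGLYPHS) == known.translate(HOMOGLYPHS)
        if same_shape or edit_distance(domain, known) <= max_distance:
            return "suspicious", f"looks like {known}"
    return "unknown", "not verified"
```

The blacklist is consulted before anything else, so a listed site is blocked whether or not its address begins with “https”. A small distance threshold also flags unrelated short domains that happen to differ by a letter or two, so a "suspicious" verdict is a prompt to verify, not proof.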



1 Comments


Wow. You have nicely explained all about this internet fraud and how it can be prevented. I have carefully understood all the preventive measures that you have suggested. Thanks for this great information.
digital signature

Copyright © 2009 Let Us Lead You To The World of E-Commerce All rights reserved.