Thursday, June 19, 2008

Phishing: Examples and its prevention methods

Phishing is also referred to as spoofing or carding. It is a type of electronic fraud that uses social engineering. Phishers pretend to be a trustworthy party, such as a bank, in an attempt to steal sensitive information like passwords, bank account numbers, or credit card details. A phishing attack is carried out electronically, commonly through email or instant messaging. Typically, the messages appear to come from well-known and trusted websites such as eBay, PayPal, and BestBuy. However, it can also occur through voice phone calls, text messages, or other electronic communication methods. Once a phisher has collected this sensitive information, it can be used to take money from an account or simply to shuffle money back and forth to make it harder to audit where the money flows.

There are several anti-phishing methods. They are as follows:

  • Do not use the links in an email or instant message if we suspect the message might not be authentic, or if we do not know the sender or the user's handle. Instead of using the links, we should call the company or log on to the website directly by typing the web address into our browser.
  • Besides, we should avoid filling in forms in email messages that ask for personal financial information. Account information or credit card numbers should be given only via the authorized company's secure website or telephone.
  • In addition, we are encouraged to make it a habit to enter the address of any banking, shopping, auction, or financial transaction website ourselves and not depend on displayed links, because phishers are now able to spoof or forge the “http://” that we normally see when we are on a secure web server.
  • Furthermore, we must regularly check our bank, credit, and debit card statements to ensure that all transactions are correct. If anything is suspicious or a transaction is not recognized, we must contact our bank and all card issuers immediately.
  • Moreover, user education is also important. If users are educated about how to detect a phishing email or site and how to access the website securely, a lot of phishing attacks will not succeed. In the meantime, the relevant authority could put security tips and advice on the user's login page or send them by email. The method varies depending on the type of business and the channels available to reach the user.
  • One of the best ways to prevent a phishing attack is to use anti-phishing software. There are many products on the market, and many come with or are included in anti-virus and anti-spam software. Most anti-phishing programs work by using a filter, much like an anti-spam filter. The program filters our incoming emails, searching for any content within the message or in URLs that may be phishing related or that carries phishing software. If such emails are found, they are deleted, while normal email passes through to our inbox.

Lastly, although phishing is not as popular as it was before, it is still around and can cause us a lot of stress and even loss of money, so it is always important to apply anti-phishing methods to ensure we never fall victim to these attacks.

2 comments:

yen said...

These are quite clear prevention methods.

shii teck said...

The explanation is quite clear and easy to understand.