Saturday, 27 June 2009

Phishing: Example and its prevention methods

Posted by Edmond Chong


A brief history on “Phishing”
The word phishing comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting AOL users. Since hackers have a tendency to replace "f" with "ph", the term phishing was derived.


Definition of “Phishing”
Phishing is defined by Wikipedia as the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public. (http://en.wikipedia.org/wiki/Phishing)

In layman's terms, it is the act of sending an e-mail to a user while falsely claiming to be an established, legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the users’ information.

Example of how “Phishing” works
1. This is a false claim, disguised as though it were sent by Citibank.

2. They might include a graphic from the bank right in the e-mail message or on the website. The Citibank logo further misleads customers into believing this e-mail was truly sent by Citibank.

3. Lastly, the e-mail directs people to click on the link provided (or any clickable link) in order to steal their information. The link may look like it goes to the bank’s website, while the victim is actually sent to a very different site.

Generally, this is how “phishing” works.

Phishing prevention methods
Here are some simple yet effective methods to avoid being scammed.

1. Check who the email is from - This is an extremely effective and easy way to stay safe. Just check the sender of the email. If the email address is not on the domain of a legitimate bank/service, then it is certain that it is a phishing scam. Also, be wary of banks or institutions that send you an email saying you need to verify your account information when it is a place you don’t even do business with! Simply delete any emails like these.

2. Do not follow a “click here” link in the email - Phishing emails usually have a “Click here to re-enter your user information” kind of link that leads to an illegitimate website. This is not fool-proof, but just by looking at the link you may be able to determine whether it is the real deal. Do not focus only on the domain; take a look at all the slashes that follow. Also, if there is a copy-and-paste link, make sure that the one that is embedded is the same as the one written out.

Furthermore, the connection should be encrypted: the link should start with https:// instead of http://. Don’t click the link in the email thinking you will set them straight. Instead, you would just have fallen into their trap by letting them have your information.


3. Check the contact information provided in the email - A lot of phishing emails contain bogus contact information that would just deliver you into their hands. If you get an email with a phone number or an address, check it against the one you received when opening the account. If they are not the same, the email is a scam.


4. Check the information about you provided in the email - Perpetrators are getting better and better at obtaining your information. Just because they know your name does not mean the email is legitimate; they could have gotten that from any social networking website. Instead, if any other information is provided, such as an account number, make sure it corresponds to what you have.

5. Use your browser - All newer browsers have some sort of website identification mechanism that allows you to check the identity of the site. “Real” websites will have that information, while those set up solely for the purpose of farming information will not.

Why would somebody do this? Well, you can gather a lot of juicy information with a phishing scam. First, you can get somebody’s account number and password. Then you can try to hijack their assets. Some phishing scams ask for all of your personal information so that they can steal your identity and open credit accounts in your name.

Thus, users have to be careful to avoid falling for phishing scams. The methods above are sufficient to prevent most of the common phishing scams on the internet. There shouldn't be any problem if users follow this advice and these methods accordingly.

Anyone who would like to know more about phishing, how to spot phishing scams and other related articles may visit http://banking.about.com/od/securityandsafety/a/phishingscams.htm for more information.

1 comment:

Matt. said...

Yeah, very true. My friend was scammed before; phishing is very common nowadays. What's most important is: DO NOT EVER FOLLOW THE LINKS. I agree with you here.