Monday, June 23, 2008

Phishing: Examples and Prevention Methods

Phishing is an email fraud in which the perpetrator sends out legitimate-looking email. Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials. Typically, fraudsters try to trick you into providing your user name and password so that they can gain access to an online account. Once they have access, they can use your personal information to commit identity theft, empty your bank accounts, charge your credit cards, read your email and lock you out of your online account by changing your password. Normally, the messages appear to come from well-known and trustworthy websites.
According to the Malaysian Computer Emergency Response Team (MyCERT), the number of forgery incidents in Malaysia, especially phishing cases, has increased enormously.





Tips on how to avoid the Internet scam known as phishing:
  • If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser: phishers can make a link look like it goes to one place when it actually sends you to a different site. Instead, call the company on the telephone, or log onto the website directly by typing the Web address into your browser.
  • Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
  • Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means the connection is encrypted, so your information is secure during transmission.
  • If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.
  • Area codes can mislead. Some scammers send emails that appear to be from a legitimate business and ask you to call a phone number to update your account or access a "refund." Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. And delete any emails that ask you to confirm or divulge your financial information.
  • Remember that not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Be aware of where you are going.
  • Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Ensure that your browser is up to date and that security patches are applied. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
  • Regularly log into your online accounts. Don't leave it for as long as a month before you check each account.
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate. If anything is suspicious or you don't recognize the transaction, contact your bank and all card issuers.
