05 July 2008
What is Phishing?
Phishing is a new type of network attack where the attacker creates an imitation of an existing Web page to trick users into submitting personal, financial, or password data to what they think is their service provider's Website. A frequently used attack method is to send potential victims e-mails that appear to come from banks or online organizations. In these e-mails, the attackers make up a pretext, e.g. that the password of your credit card has been mis-entered many times, or that they are providing upgrade services, to get you to visit their Web site and confirm or modify your account number and password through the hyperlink provided in the e-mail. Clicking one of those links takes you to a fake Website. The style, the functions performed, and sometimes even the URL of these fake Websites are similar to those of the real Website, so it is very difficult for you to know that you are actually visiting a malicious site. If you enter your account number and password, the attackers collect that information on the server side and can use it for their next steps, such as withdrawing money from your account.
How to Protect Yourself from Phishing?
The best way to protect yourself from phony phishers is to understand how legitimate financial service providers behave. Most importantly, legitimate entities will not ask you to provide or verify sensitive information through an email.
Follow these five simple steps to protect yourself from phishers:
- Pick up the phone to verify — do not respond to any emails that request personal or financial information, especially ones that use pressure tactics or prey on fear. If you have reason to believe that a financial institution actually does need personal information from you, pick up the phone and call the company yourself using the number in your rolodex, not the one the email provides!
- Do Your Own Typing — Rather than merely clicking on the link provided in the email, type the URL into your web browser yourself or use a bookmark you previously created. Even though a URL in an email may look like the real deal, fraudsters can mask the true destination.
- Beef up your security — Personal firewalls and security software packages with anti-virus and anti-spam are a must-have for those who engage in online financial transactions. Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption. You can tell if a page is secure in a couple of ways. Look for a closed padlock in the status bar, and see that the URL starts with “https” instead of just “http”.
- Security Tip: Some phishers make spoofed websites which appear to have padlocks. To double check, click on the padlock icon on the status bar to see the security certificate for the site. After “Issued to” in the pop-up window, you should see a name matching the site you think you’re on. If the name differs, you are probably on a spoofed site.
- Read your statements — don’t toss aside your monthly account statements! Read them thoroughly as soon as they arrive to make sure that all transactions shown are ones that you actually made, and check to see whether all of the transactions that you thought you made appear as well. Be sure that the company has current contact information for you, including your mailing address and email address.
- Spot the sharks — Visit the Website of the Anti-Phishing Working Group at www.antiphishing.org for a list of current phishing attacks and the latest news in the fight to prevent phishing. There you’ll find more information about phishing and links to helpful resources.