Read our Editors' review on Protect Your Computer From Viruses, Hackers, and Spies
Initialization of the Process of Phishing: A fraudulent individual or organization sends an email to an individual or a company in the name of an authorized institution. They structure the email so that the recipient is tempted to click on the URL of an unknown site, which has been designed professionally and seems legitimate. For example, you might receive an email that appears to come from a bank where you have an account, stating that your credit card has undergone a transaction of a certain amount and that clicking on a particular link will stop the payment.
This provokes you to click on the suspicious link, because you know that there has been no transaction of that kind recently, and you end up unintentionally revealing your personal information. These emails lead to a fake website that has no connection with the reputable merchant or, in this case, the bank. The website is built to prompt you to enter personal data such as your name, password, credit card number or other personal information. That information is then saved in the database of the identity thieves. After the con artists achieve their goal, they carefully abandon the email address and the website.
Consequence of personal information leakage: With your personal information in hand, the fraudster starts misusing it to withdraw money from your account and to use your credit card to buy things from online or conventional stores. They might also use your accounts to buy new products or services, or to sell them. For example, they can carry out transactions such as travel or hotel reservations.
Your personal information can also be sold at high prices to other institutions, which hire these fraudsters to obtain such details.
Since these fraudsters are experts in this field, they maintain fake personal information about themselves, which makes it difficult for you to catch them.
Link manipulation: Phishing involves technical deception designed to make a link in an email appear to belong to a particular organization.
Misspelled URLs and subdomains are some of the major tricks applied in this field. For example, the URL www.mybank.section1.com/ appears to take you to the 'section1' part of the 'mybank' website. In fact it takes you to the 'mybank' section of the 'section1' website, which is the phishing section.
Another common phishing trick is to make the anchor text of a link look valid while the link itself takes you to the phisher's site. In such cases, where the URL really leads can be previewed and verified in the lower left-hand corner of the browser.
The handling of Internationalized Domain Names creates further problems, since a link that looks legitimate can take you to a malicious website. Open URL redirectors on the websites of trusted organizations are also used so that malicious URLs are disguised behind a trusted domain.
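The link tricks described above (a trusted name used as a subdomain, anchor text that differs from the real target, internationalized host names, open redirectors) can be checked mechanically when an email is received. The following Python code is an added example, not part of the original article; the trusted-domain list, the sample links and the "last two labels" rule for finding the owning domain are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

TRUSTED = {"mybank.com"}  # assumption: domains the recipient really deals with
HOSTLIKE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)
# Constructed sample e-mail body; hosts, path and parameter name are made up.
SAMPLE = ('<a href="http://www.mybank.section1.com/">www.mybank.com</a>'
          '<a href="https://www.mybank.com/go?url=http://section1.com/x">Pay</a>')

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return ""

def registrable(host):  # simplification: real code needs the Public Suffix List
    return ".".join(host.lower().split(".")[-2:])

class LinkCollector(HTMLParser):  # gathers (href, visible anchor text) pairs
    def __init__(self, html):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def check_link(href, text):
    host, shown = host_of(href), HOSTLIKE.search(text)
    reg, labels = registrable(host), host.split(".")
    targets = [host_of(v) for _, v in parse_qsl(href.partition("?")[2])]
    brands = {t.split(".")[0] for t in TRUSTED if t != reg}
    checks = {
        "brand-in-subdomain": bool(brands & set(labels[:-2])),  # trusted name is only a subdomain
        "text-href-mismatch": bool(host and shown) and registrable(shown.group()) != reg,
        "idn-host": not host.isascii() or any(l.startswith("xn--") for l in labels),
        "redirect-to-other-domain": any(t and registrable(t) != reg for t in targets),
    }
    return [name for name, hit in checks.items() if hit]

def scan(html):
    return {h: check_link(h, t) for h, t in LinkCollector(html).links}
```

Calling `scan(SAMPLE)` returns, for each link in the message, the list of checks it failed; an empty list means none of these four patterns matched.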
Escape from filters: Phishers use images instead of text in phishing emails so that anti-phishing filters find it harder to detect the text commonly used in phishing emails.
Ways of website forgery: Fraudsters make use of cross-site scripting to turn flaws in the scripts of a trusted website against the victim. Here the users are directed to sign in at the bank's or service provider's own webpage, where everything from the web address to the security certificates appears to be correct.
The universal Man-in-the-middle Kit provides a simple, user-friendly interface. It lets the phisher create convincing websites and capture all log-in information entered by the victim at the fake site.
Flash-based websites hide the text inside a multimedia object while giving the site the look of a real website. These techniques are used to avoid being caught by anti-phishing techniques, which scan websites thoroughly.
Some websites place pop-up or pop-under windows on top of the website, asking a person to enter his/her credentials. These are quite convincing in their approach, and hence the victim ends up giving out all personal details.
Damage caused is quite huge: Denial of access to email and significant financial loss are the two main consequences faced by the victim. The IT sector is very vulnerable to such phishing attacks, and these attacks are quite severe. The financial sector is equally vulnerable.
The banking bodies of some countries have made their customers aware of such phishing tricks and have also stated that it is mandatory for every customer to take precautions and not click on suspicious links.
Immediate Remedy: The following steps can be undertaken.
If you have given out your credit/ATM/debit card number or your bank account number then:
1. Inform the issuer of the card on their toll-free, 24-hour service numbers
2. You can then cancel your account and open a new one immediately
3. Review your bill statements
If you have downloaded a virus or Trojan then:
1. Install anti-virus software
2. Scan your computer thoroughly with the anti-virus software
3. Confirm every connection allowed by your firewall
4. Fix your system and then change your password
5. Check the latest updates with regard to your various accounts
6. Read the latest from the Internet Security Blog & Forum
If you have given out your personal information then:
1. Report the theft to Experian, Equifax, TransUnion etc. for a security freeze, request that they place a fraud alert, and ask for a free copy of your credit report
2. Inform your banks and tell them to flag your account and inform you in case of any transaction
3. Contact your local police department to file a complaint
4. Inform the Department of Motor Vehicles and the Passport Office
5. Lodge a complaint at the Internet Fraud Complaint Center
6. Keep track of all the people you talk to about the incident and maintain a record of all other correspondence
Kaspersky has incorporated an anti-phishing database in its applications, and this database is updated continuously. As a result, whenever you receive such a message in your mailbox or encounter a pop-up from such sites, it gives audible and text alerts showing the threat. Recently, Kaspersky incorporated a highly reliable open source application provider's database to strengthen its internet security programs.