Tuesday, February 20, 2007

Phishing - What Is It And How Can You Avoid It

WHAT IS PHISHING?
Simply put, phishing is a crime where criminals use social engineering techniques to persuade you to reveal sensitive information - such as your bank account details, your credit card details, passwords etc. Or, in plain English, they trick you into giving them your personal information so that they can use it to steal your money.

In order to get you to reveal your details, the fraudster normally assumes the identity of a trusted person or organisation - typically a bank, a credit card company or an online payment processor such as PayPal.

This is often carried out using electronic communication - both e-mail and instant messenger systems are widely used today, but telephone or normal mail can also be used by these fraudsters.

HOW DOES PHISHING WORK?
The normal mode of attack is e-mail, although instant messenger systems are sometimes used as well. Typically the scammer pretends to be an organisation such as PayPal, eBay, your bank or a credit card company. They will send you an e-mail which looks very similar to the genuine e-mails and website of the organisation being impersonated, complete with logos, graphics, similar font styles etc.

They tend to use a headline which entices you into reading by stimulating your sense of fear, greed or even anger. Some typical examples are below:

1. Your account has been suspended
2. Thank you for your order
3. Someone has sent you money using (insert name) online payment system

These are only typical - there are many other variants.

Item 1 might be used for banks, online payment processors or credit cards. The first time that you get one of these, it’s quite understandable that you would be concerned about your account. The e-mail will advise you that your account has been frozen for some reason - possibly because of some security issue or misuse. You need to update your details before you can restore full access to your account.

There will be a link for you to click on to access their site, where you can supposedly update your details and everything will be fine after that. However, if you click on the link you will be taken not to your account but to the scammer's website, where any information that you enter will be used by them to assume your identity and either steal money directly from you or use your details to buy goods online.

Like the e-mail, the scammer’s site will look very much like the official site that is being impersonated. It will use the same font size, the same - or very similar - images, official logos etc. It’s surprisingly easy to do this and it’s easy to be fooled.

Item 2 is often used when impersonating a well-known online vendor such as eBay. The e-mail arrives, again the logos are very convincing, the type and size of font are the same as normal etc., but you know you didn't buy the item you've just been given a receipt for. Not to worry, there's a handy link in the e-mail which usually says something like "click here if you didn't buy this item", which you can use to sort it all out.

Guess what happens when you click on that link. That's right, you're going to arrive at the scammer's carefully disguised website and be asked to enter some of your confidential information, which will then be used to defraud you.

Item 3 is used to appeal to your sense of greed. By now, I think we have the method of operation off by heart. The e-mail arrives - someone's sent you some money - click here to confirm and receive payment - visit scam website - enter details, and the rest is history.

SPOTTING PHISHING E-MAILS
After a while, phishing e-mails are relatively easy to spot and you can avoid them by applying a little common sense. There are also new software security tools available.

There are several things that can alert you to a phishing e-mail.

* Do you actually have an account with the organisation which is purported to be the sender?

* Have they got your details correct (your name, your account number etc.)?

* What is the return e-mail address?

* Where does the “click here” link actually take you (check before you click)?

* Are there a lot of spelling and grammatical errors? (Lots of phishers are from countries which don't have English as a first language.)
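The return-address and "where does the link actually take you" checks above can be applied to a saved message before anyone clicks anything. The script below is an added example, not code from the original article: it parses a constructed HTML e-mail, compares every link's real destination with the sender's domain and with the address shown in the link text, and flags links that point at a bare IP address. The examplebank.test domains, the 203.0.113.5 address and the "last two labels" domain comparison are assumptions made for the demonstration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not a real phishing e-mail): the visible text of the second
# link shows the bank's own address, but the href points elsewhere.
SAMPLE_EMAIL = """\
From: Example Bank Security <security@examplebank.test>
Subject: Your account has been suspended
Content-Type: text/html; charset=utf-8

<html><body><p>Please <a href="http://203.0.113.5/login/">click here</a> or visit
<a href="http://examplebank-verify.test/update">http://www.examplebank.test/</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    # Crude "last two labels" comparison; assumed adequate for this demo.
    return ".".join(host.lower().split(".")[-2:])
def check_message(raw):
    """Return human-readable warnings for a raw RFC 822 message with an HTML body."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_host = msg["From"].addresses[0].domain
    parser = LinkCollector()
    parser.feed(msg.get_body(preferencelist=("html",)).get_content())
    warnings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if host.replace(".", "").isdigit():  # bare IP address instead of a name
            warnings.append(f"link to bare IP address: {href}")
        elif registrable(host) != registrable(sender_host):
            warnings.append(f"link host {host} does not match sender {sender_host}")
        shown = urlparse(text).hostname if text.startswith("http") else None
        if shown and registrable(shown) != registrable(host):
            warnings.append(f"link text shows {shown} but link goes to {host}")
    return warnings
```

Running `check_message(SAMPLE_EMAIL)` produces three warnings for the sample: the bare IP link, the mismatched sender domain, and the link whose visible text disagrees with its destination.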

The golden rule to avoid being phished is never to click on the link within the e-mail. Be aware that if you click on the link and decide upon arrival at the site that it’s a scam - the fraudsters might have the ability to extract information from your PC or to load spyware onto your machine even if you decline to enter information at that point.

Even if you think that the e-mail is probably genuine you are always safer to log into your account by using your web browser address bar or by clicking from your favourites list.

Also, just to be on the safe side, make sure you're aware of the information policy of your important online accounts. Most reputable companies will have details of what type of information they will send you and what type of data they may ask you for by e-mail. More importantly, they will probably have clear guidelines about the types of information that they will not ask you for.

HOW CAN YOU AVOID PHISHING ATTACKS?
Here’s your plan to avoid being phished:

* Be aware of your online accounts' information policy guidelines.
* Never click on a “handy” link in an e-mail - always enter the site using your browser or favourites list.
* Forward a copy of the e-mail to the official site in question. Most of them will be happy to confirm that it’s a phishing attempt or, alternatively, advise that there is a real problem with your account.
* Delete any phishing e-mails you get immediately after forwarding to the “real” company. Once you’ve deleted them, clear out your “trash” folder to stop any accidental clicking in future.

http://www.articlejoe.com/Article/Phishing---What-Is-It-And-How-Can-You-Avoid-It-/32358