Friday, February 6, 2009

Phishing: Examples and Prevention Methods

Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, Windows Live ID, other account data and passwords, or other information. Recent victims include Charlotte’s Bank of America, Best Buy and eBay, where people are directed to Web pages that looked identical to the companies’ sites.

Example of Phishing:
The more complex a web browser or e-mail client is, the more loopholes and weaknesses phishers can find. This means that phishers add to their bags of tricks as programs get more sophisticated.


I. Phishing e-mails will contain some of these common elements (see the screen capture above, taken from Eudora):

1. The "From Field" appears to be from the legitimate company mentioned in the e-mail.
2. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.
3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.
In this instance, the text you click is "here". However, it may also read something like "Log-in to Citibank" or "www.citibank.com/secure" to be even more misleading. This clickable area is only text and can be changed to anything the sender wants it to read; the actual destination is the hidden link address.

II. The following is another example of what a phishing scam in an e-mail message might look like.

To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site.

III. Graphics. By determining which e-mail client and browser the victim is using, the phisher can place images of address bars and security padlocks over the real status and address bars.

IV. Popup windows and frames. Malicious popup windows can appear over the site, or invisible frames around it can contain malicious code.

V. HTML. Some phishing e-mails look like plain text but really include HTML markup containing invisible words and instructions that help the message bypass anti-spam software.
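The two tells above, link text that names one site while the hidden address points at another (elements I.3 and II) and words hidden with HTML markup (element V), can both be checked mechanically before a message is trusted. The following is an added example, not code from the original post: a small Python audit that parses an HTML e-mail body with the standard library, flags anchors whose visible text looks like a domain that differs from the href's host, flags anchors that leave the claimed sender's domain, and flags text hidden with inline CSS. The sample message, the sender address and the "brand domain" heuristic (last two labels of a host name) are constructed assumptions for illustration.

```python
# Heuristic audit of an HTML e-mail body for three phishing tells: links whose
# visible text names one domain while the href goes to another, links that leave
# the claimed sender's domain, and text hidden from the reader with inline CSS.
# Added example; the sample message and addresses below are constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible anchor text that looks like a domain or URL ("www.citibank.com/secure")
DOMAIN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
# Inline styles commonly used to hide words from the reader but not from filters
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}  # never get an end tag


def registrable(host):
    """Crude brand domain (assumption): the last two labels of a host name."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class EmailAuditor(HTMLParser):
    def __init__(self, sender_domain):
        super().__init__()
        self.sender_domain = sender_domain
        self.findings = []
        self._hidden = []        # stack: is the enclosing element hidden?
        self._href = None        # href of the anchor currently open, if any
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        a = dict(attrs)
        inherited = bool(self._hidden and self._hidden[-1])
        self._hidden.append(inherited or bool(HIDDEN_STYLE.search(a.get("style") or "")))
        if tag == "a":
            self._href = a.get("href") or ""
            self._anchor_text = []

    def handle_data(self, data):
        if self._href is not None:
            self._anchor_text.append(data)
        text = " ".join(data.split())
        if text and self._hidden and self._hidden[-1]:
            self.findings.append(("hidden_text", text))

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self._hidden:
            self._hidden.pop()
        if tag == "a" and self._href is not None:
            self._check_anchor(" ".join("".join(self._anchor_text).split()))
            self._href = None

    def _check_anchor(self, text):
        href_host = urlparse(self._href).hostname or ""
        if not href_host:
            return  # relative link or mailto:, nothing to compare against
        shown = DOMAIN_TEXT.search(text)
        if shown and registrable(shown.group(1)) != registrable(href_host):
            self.findings.append(("link_mismatch", text, self._href))
        elif registrable(href_host) != self.sender_domain:
            self.findings.append(("offsite_link", text, self._href))


def audit(html_body, from_address):
    """Return findings as (kind, ...) tuples in document order."""
    auditor = EmailAuditor(registrable(from_address.rsplit("@", 1)[-1]))
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings


# Constructed sample: the From header claims the bank, one link says "here" but
# leaves the bank's domain, one shows the bank's URL but points at a bare IP
# (TEST-NET-3), one is genuine, and a hidden block carries filler words.
SAMPLE_FROM = "security@citibank.com"
SAMPLE_HTML = """<html><body>
<p>Dear customer, please validate your account
<a href="http://citibank.com.account-verify.example/login">here</a>.</p>
<p>Or go to <a href="http://203.0.113.10/secure">www.citibank.com/secure</a></p>
<p>Read our <a href="https://www.citibank.com/privacy">privacy policy</a>.</p>
<div style="display:none">quarterly newsletter minutes recipe garden</div>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, SAMPLE_FROM):
        print(finding)
```

The "here" link is caught only because it leaves the sender's domain, which is why the From address is an input: a mismatch between displayed and real destination can be detected from the text alone, but a bland link label can only be judged against the domain the message claims to come from. Both checks are heuristics; a mail filter would combine them with the sender authentication and reputation signals the post's prevention section alludes to.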

VI. DNS cache poisoning. Also called pharming, this is when a phisher (often by speaking to customer service representatives) changes DNS server information. This causes everyone trying to reach the spoofed company's web site to be directed to another site.

Prevention methods supported by the OS and applications:
- Keep your operating system up to date, and install up-to-date antivirus and antispyware software. This will be the first level of defense against phishing scams.

- Windows Defender comes with Windows Vista and helps prevent spyware or other unwanted software.

- Internet Explorer 7 (IE7) is available for Windows Vista and has a Phishing Filter built in that scans and alerts users to phishing sites.

Self-Prevention Methods:
- Do not reply to email or pop-up messages that ask for personal or financial information, and do not click on links in the message.

- Do not cut and paste a link from the message into your Web browser – phishers can make links look like they go to one place when they actually send you to a different site.

- Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. For example, if you receive an e-mail message from Microsoft asking you to update your credit card information – DO NOT RESPOND! This is a phishing scam.

- A certain level of awareness is required. "You have won the lottery." The lottery scam is a common phishing scam known as advance fee fraud. The message will claim that you have won a large sum of money, but it is a trick. There is no Microsoft lottery or Citibank lottery.


Read more here - Protection from Phishers


Personal Opinion:
What are the differences between fishing and phishing? Both actions wait for an opportunity to gain an advantage from third parties. However, phishing is more complicated and dangerous, and it harasses Internet users repeatedly. Anyway, we should be able to differentiate whether the e-mail we received is reliable and trustworthy or not. Sufficient awareness must be obtained to prevent PHISHING!