————-[ Phishing ] ————

First, we must know: what is phishing (pronounced “fishing”)?

In computing, phishing is an attempt to illegally or fraudulently acquire sensitive information, such as usernames, user IDs, passwords, credit card details, Social Security numbers, personal details etc., by using fake websites that look similar to the original ones.

In simple terms, phishing is a technique to fool users and steal their information.

Phishing is typically carried out by email or instant messaging.
The most common type of phish is a threatening e-mail like:

Phishing E-mail Example #1

===============================================================
Dear Chase Customer

We recently reviewed your account, and suspect that your Chase Internet Banking account may have been accessed by an unauthorized third party.

Protecting the security of your account and of the Chase network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features.

To restore your account access, please take the following steps to ensure that your account has not been compromised:

1. Login to your Chase Internet Banking account. In case you are not enrolled yet for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password and fill in the required information, including your name and account number.

2. Review your recent account history for any unauthorized withdrawals or deposits, and check your account profile to make sure no changes have been made. If any unauthorized activity has taken place on your account, report to Chase staff immediately.

To get started, please click the link below:

https://chaseonline.chase.com/colappmgr/XXX

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Chase system.

Thank your for your prompt attention to this matter.

Sincerely,

The Chase BankTeam.
===============================================================

Recent Phishing attempts

1. Most recent phishing attempts have targeted the customers of banks and online transaction services.
2. Social networking sites are also a target of phishing since the personal details can be used in identity theft.

70% of phishing attacks target social networking and online transaction sites.

Phishing Techniques
1. Misspelled URLs and the use of subdomains are common tricks used by phishers. Suppose the real URL for a bank is http://www.abc.com; a deceptive URL will then be something such as http://www.abc.bank.com, http://www.abccbank.com or http://www.abc.com.example.com.

2. Another common trick used by phishers is to make the anchor text for a link appear to be valid while the link actually goes to the phisher’s site.

Suppose the real link is http://www.abc.com/login; the phisher will use a link like http://www.abc.com/login_page.
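A defender-side check for both tricks above, as an added example that is not part of the original post: it classifies a link's host against the trusted domain and flags link text that displays one host while pointing at another. The trusted domain abc.com is the article's placeholder; the function names and the 0.8 similarity threshold are assumptions made for this sketch.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = "abc.com"  # assumption: the article's placeholder bank domain


def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify_host(url, trusted=TRUSTED):
    """Return 'trusted', 'embeds-trusted-name', 'lookalike' or 'unrelated'."""
    host = host_of(url)
    # Only the exact domain or a true subdomain of it is trusted.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]
    labels = host.split(".")
    # Brand appears as its own label under someone else's domain,
    # e.g. abc.bank.com or abc.com.example.com.
    if brand in labels:
        return "embeds-trusted-name"
    # Brand is buried in, or nearly equal to, a label (abccbank, abcc).
    # Heuristic only: very short brands will over-match.
    for label in labels:
        if brand in label or SequenceMatcher(None, brand, label).ratio() >= 0.8:
            return "lookalike"
    return "unrelated"


def anchor_mismatch(anchor_text, href):
    """True when the visible link text is a URL whose host differs from href's."""
    text = anchor_text.strip()
    if " " in text or "." not in text:
        return False  # ordinary wording, not a displayed URL
    shown = host_of(text if "://" in text else "http://" + text)
    return shown != host_of(href)


if __name__ == "__main__":
    for url in ("http://www.abc.com", "http://www.abc.bank.com",
                "http://www.abccbank.com", "http://www.abc.com.example.com"):
        print(f"{url:35} {classify_host(url)}")
    print(anchor_mismatch("http://www.abc.com/login",
                          "http://www.abc.com.example.com/login"))
```

The host comparison is the part that matters: a path such as /login_page on the genuine host does not by itself indicate a different site, so the anchor check compares hosts only.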

A few tips to avoid phishing
You should never respond or reply to e-mail that:

* Requires you to enter personal information directly into the e-mail or submit that information some other way.

* Threatens to close or suspend your account if you do not take immediate action by providing personal information.
* Solicits your participation in a survey where you are asked to enter personal information.
* States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information.

* States that there are unauthorized charges on your account and requests your account information.

* Asks you to enter your User ID, password or account numbers into an e-mail or non-secure webpage.

* Asks you to confirm, verify, or refresh your account, credit card, or billing information.

If you are really interested in knowing more about phishing, just go and check these links 🙂

http://www.microsoft.com/protect/yourself/phishing/identify.mspx
http://www.microsoft.com/protect/products/yourself/phishingfilter.mspx

Please check these sites for Phishing examples:

http://www.techcrunch.com/2008/01/02/phishing-for-facebook/

http://www.comfsm.fm/~dleeling/training/phishing2.html

http://www.bankrate.com/brm/news/advice/20030820b1.asp

Suggestions will be appreciated. 🙂

Thx.

Anand sharma
