Example of Phishing
1 Answer

Let us take a look at some definitions of the term "Phishing."

Wikipedia: It is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

TechEncyclopedia: It is a scam to steal valuable information such as credit card and social security numbers (SSN), user IDs and passwords. It is also known as "brand Spoofing." An official-looking E-Mail is sent to potential victims pretending to be from their bank or retail establishment. E-Mails can be sent to people on selected lists or any list, expecting that some percentage of recipients will actually have an account with the organization.

Phishing is a type of deception designed to steal your identity (i.e., a kind of ID theft fraud). In Phishing schemes, the phisher tries to get the user to disclose valuable personal data, such as credit card numbers, passwords, account data or other information by convincing the user to provide it under false pretenses. Example: (A) Spam E-Mails and (B) Hoax E-Mails.

(A) Spam E-Mails

Also known as "junk E-Mails," they involve nearly identical messages sent to numerous recipients. Spam E-Mails have steadily grown since the early 1990s. Botnets, networks of virus-infected computers, are used to send about 80% of Spam. Types of Spam E-Mails are as follows:

1. Unsolicited bulk E-Mail (UBE): It is a synonym for SPAM: unsolicited E-Mail sent in large quantities.

2. Unsolicited commercial E-Mail (UCE): Unsolicited E-Mails are sent in large quantities from a commercial perspective, for example, advertising.

Spam E-Mails proved to be a popular medium for phishers to scam users to enter personal information on fake websites using E-Mail forged to look as if it is from a bank or other organizations such as:

1. HSBC, Santander, Commonwealth Bank: International banks having a large customer base; phishers always dive deep in such an ocean to attempt to hook the fish.

2. eBay: It is a popular auction site, often mimicked to gain personal information.

3. Amazon: It was the top brand to be exploited by phishers till July 2009.

4. Facebook: Netizens, who like to be on the most popular social networking sites such as Facebook, are always subject to threats within Facebook as well as through E-Mail. One can reduce the chances of being a victim of a Phishing attack by using the service's security settings to enable contact and E-Mail details as private.

The E-Mail will usually ask the user to provide valuable information about himself/herself or to "verify" information that the user may have provided in the past while registering for an online account.

1. Names of legitimate organizations: Instead of creating a phony company from scratch, the phisher might use a legitimate company's name and incorporate the look and feel of its website into the Spam E-Mail.

2. "From" a real employee: Real name of an official, who actually works for the organization, will appear in the "from" line or the text of the message (or both). This way, if a user contacts the organization to confirm whether "Rajeev Arora" truly is "Vice President of Marketing" then the user gets a positive response and feels assured.

3. URLs that "look right": The E-Mail might contain a URL (i.e., weblink) which seems to be a legitimate website wherein the user can enter the information the phisher would like to steal. However, in reality, the website will be a quickly cobbled copycat, a "spoofed" website that looks like the real thing, that is, the legitimate website. In some cases, the link might lead to selected pages of a legitimate website, such as the real company's actual privacy policy or legal disclaimer.

4. Urgent messages: Creating a fear to trigger a response is very common in Phishing attacks. The E-Mails warn that failure to respond will result in no longer having access to the account, or E-Mails might claim that the organization has detected suspicious activity in the user's account or that the organization is implementing new privacy software for ID theft solutions.

Let us understand the ways to reduce the amount of Spam E-Mails we receive.

  • Share personal E-Mail address with limited people and/or on public websites - the more it is exposed to the public, the more Spam E-Mails will be received.
  • Never reply to or open any Spam E-Mails. Any Spam E-Mails that are opened or replied to inform the phishers not only about your existence but also about the validity of your E-Mail address.
  • Use alternate E-Mail addresses to register for any personal or shopping website. Never ever use business E-Mail addresses for these but rather use E-Mail addresses that are from Yahoo, Hotmail or Gmail.
  • Do not forward any E-Mails from unknown recipients.
  • Make a habit to preview an E-Mail (an option available in an E-Mail program) before opening it.
  • Never use E-Mail address as the screen name in chat groups or rooms.
  • Never respond to a Spam E-Mail asking to remove your E-Mail address from the mailing distribution list. More often it confirms to the phishers that your E-Mail address is active.

(B) Hoax E-Mails

These are deliberate attempts to deceive or trick a user into believing or accepting that something is real, when the hoaxer (the person or group creating the hoax) knows it is false. Hoax E-Mails may or may not be Spam E-Mails. It is difficult sometimes to recognize whether an E-Mail is "Spam" or a "hoax." The websites mentioned below can be used to check the validity of such E-Mails, for example, chain E-Mails.

1. www.breakthechain.org: This website contains a huge database of chain E-Mails that, as we discussed, the phisher sends to entice the netizens to respond to such E-Mails (e.g., from "lottery schemes" to "your wish will come true" E-Mails).

2. www.hoaxbusters.org: This is an excellent website containing a large database of common Internet hoaxes. US Department of Energy. Hoaxbusters contains information about almost every scam, legend and frivolous warning that exists on the Internet.
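
The four traits listed under Spam E-Mails above (legitimate names, a plausible "From", URLs that "look right", urgent messages) can be checked mechanically on the receiving side. The following is an added example, not part of the original answer; the brand allowlist, the phrase list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist: brand name -> domains the brand really sends from (constructed).
BRAND_DOMAINS = {"example bank": {"examplebank.example"}}
URGENT = re.compile(r"suspicious activity|account (will be )?(suspended|closed)|"
                    r"verify your|within 24 hours|no longer have access", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return a sorted list of indicator names found in one raw message."""
    msg = message_from_string(raw)
    found = set()
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        # Traits 1 and 2: a legitimate name in "From", but sent from a
        # domain the brand does not use.
        if brand in name.lower() and not any(
                host_matches(sender_domain, d) for d in domains):
            found.add("brand_name_from_foreign_domain")
    body = msg.get_payload()
    for href, text in LINK.findall(body):
        shown = HOSTLIKE.search(re.sub(r"<[^>]+>", "", text))
        target = (urlparse(href).hostname or "").lower()
        # Trait 3: the visible link text names one host, the href goes elsewhere.
        if shown and not host_matches(
                target, shown.group(1).lower().removeprefix("www.")):
            found.add("link_text_host_mismatch")
    # Trait 4: wording that pressures the reader to act quickly.
    if URGENT.search(re.sub(r"<[^>]+>", " ", body)):
        found.add("urgent_wording")
    return sorted(found)

# Constructed sample message; all domains use reserved test TLDs.
SAMPLE = '''From: "Example Bank Security" <alerts@mail-examplebank.test>
To: user@example.org
Subject: Action required
Content-Type: text/html

<p>We detected suspicious activity. Verify your details within 24 hours.</p>
<a href="http://login.examplebank.example.lookalike.test/verify">www.examplebank.example</a>
'''
```

These are heuristics: a message that trips none of them can still be Phishing, and the link check compares only host names, so it does not judge where a link on the brand's own domain leads.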
