Many a time, Internet users receive e-mails supposedly from a trust-worthy source. The intention or objective of the mail is to obtain personal information such as Personal Ids, passwords, card numbers, social security numbers and PINs. On the face of it, nothing looks amiss. You as the receiver of the e-mail may well be induced to divulge such confidential data.
Read further to understand the need for being discrete while browsing such e-mails. If not, you are likely to fall prey to the fastest growing Internet menace – phishing scams. Don’t get phished. Find ways to recognize ‘phish’, risks associated with such fraudulent mails and how to protect yourself against this type of cyber crime.
The first instance of phishing was recorded way back in 1996. Phishing is a type of identity theft. Other fraudulent identity procurement ways include phone calls, instant messaging, fake banner ads, chat rooms and spyware programs. In simple terms, phishing is identity theft through the Internet. The person or the groups of cyber criminals who indulge in phishing are called phishers. Internet scammers use phishing to obtain personal information through e-mail from Internet users. Financial data, Personal IDs, passwords, card numbers and PINs are the most sought after information by the Phishers.
The phishers sell this information to other criminals who use it for financial gain. With the help of such confidential data, it’s easier to access a customer’s account through online banking and carry out transactions in favor of cyber criminals. Take a look at the possible outcomes:
- Make false bill payments favoring cyber criminal
- Create fake accounts
- Transfer of funds from savings accounts/credit card accounts
- Use PIN, make a replica of credit card or check card and withdraw cash/purchase
- Can infect computers with viruses and persuade unwary people to participate in money laundering.
Anti phishing involves:
- Detecting phishing mails
- Preventing/avoid being scammed
- Counter phishing attacks
- Contribute and stop phishers.
Typical phishing is done in combination with Email spam. Millions of emails with official-looking logos of real organizations are sent to huge target population. Most of the mails prompt the receiver to click a website by including upsetting or exciting statements. Get familiar in detecting phishing emails by using these tips.
- Look for wordings such as ‘confirm your password’, or ‘verify your account’, or ‘confirm your identity’.
- Never ever click on an email to reach your bank login page. Type at a fresh window or instance of your browser to reach your bank login page always. Don't count on your browser's form fill abilities to enter the details. Always disable form completion part for banking or Credit card transaction sites. Check for the closed lock at the status bar of your browser. When in doubt, double click on this lock to see the status of the verification certificate.
- Look for a statement like: We suspect an unauthorized transaction on your account; you have received money or please click here to update and verify your information.
- Asking for your password or personal information that no genuine/reputed organization would do.
- A secured web server will have HTTPS protocol at the beginning of the URL instead of HTTP. The ‘s’ in HTTPS stands for secure. Also, phishing mails when clicked, inadvertently opens to an insecure site.
- Use of @ sign in the link. For example email@example.com
- Take a close look at the name of website, the domain name is likely to be misspelled. For example www.gooogle.com
- Generic greeting is used or in other words the mails are impersonal in nature.
Avoid phishing scams
The enormity of the situation demands a combined effort to prevent phishing scams. On receipt of a suspicious email, you can forward the same to US Federal Trade Commission at firstname.lastname@example.org or opt to click the ‘Report as Junk’ button that is part of your email program. Other recommendations to minimize risks include:
- Consider installing a Web browser toolbar with phishing mail alert facility, the phishing filter.
- Check your online accounts regularly.
- Keep a tab on transactions and reconcile your credit and debit card statements to ensure genuineness.
- Even if slightly suspicious, change passwords immediately.
- Go for regular software updates.
- Use the latest anti virus software, anti-spy ware and a firewall
Counter phishing attacks
This involves documenting the process by which the phishers attack. This process is predominantly followed by big organizations. Thereon, it leads to identifying and verifying the source of attack. Following this process helps in tracking the pattern or cycle adopted by cyber frauds. The matter is then taken up with law enforcement officials to arrest the particular group or individual.
Help stop phishers
Report case over telephone and send the e-mail as an attachment to the legitimate organization. In case, you cannot send the e-mail as an attachment, forward the e-mail.
The phishing filter
Microsoft as part of its newest version i.e. Internet Explorer 7 has a set of new features aimed at improving cyber security. The phishing filter is one such feature that helps you remain safe online. The filter evaluates the web address, recognizes untrustworthy sites and alerts users automatically. This phishing protections works in the following manner.
- The filter is on by default.
- A database of known phishing websites is constantly updated and maintained by Microsoft’s partners. The URL of the website is checked against this data.
- The URL is compared with the list of legitimate sites stored on the receiver’s local computer.
- Scans the site and conducts a detailed analysis commonly applicable to known phishing websites.
Subsequently the color of the Internet Explorer Address bar will change. If it changes to yellow, it is considered to be a suspect site. On the other hand, if the Address bar changes to red, it is a confirmed phishing site, followed by a warning on the screen. Further, with regard to a confirmed phishing site, the phishing filter will also block the page. To proceed further, the user has to click a link in the browser window.
Mozilla Firefox version 2 also has this built-in protection against phishing. You can access the features of this Mozilla Anti-phishing here. Access your Firefox security feature like this :
If you are on Windows or Linux, go to
Tools - > Option -> Security
If you use a Mac OS X go to
Firefox -> Preferences -> Options -> Security.
It is one more reason why you should upgrade to the recent version of your browser. Remember that scammers will always look for a flaw in the defense and exploit it. Constant vigilance is the only way to thwart such nefarious designs. Software filters, browser toolbars and other aids are just that - tools. Unless you wield your tools effectively, they serve no purpose.