Tuesday, July 1, 2008

Phishing: examples and prevention methods

Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.

Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Here are some examples of phishing:

1) A sample phishing e-mail impersonating Citibank: it tells the recipient that, as a Citibank checking account holder, they must read the bank's new terms and conditions and agree to them.

2) Phishing scam: as scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. The following is an example of what a phishing scam e-mail message might look like.

3) This genuine-looking e-mail is a masquerade. As soon as you click "respond", you are directed to an exact clone of eBay and your personal information is stolen. These messages come in different styles and wordings. Go to ebay.com manually and check your private messages there to see whether the message is real or not.

Prevention methods for phishing

1. Always be wary of any e-mail requesting personal information. You can never be too cautious. Don't reply to any suspicious-looking e-mails or click on any links that you're unsure of. For example, if you receive an e-mail from eBay requesting personal information such as your user name or password, visit eBay directly by typing http://www.ebay.com into your browser to check on your account status. Many times, phishers will include a link leading to a fake website, possibly with a similar name like ebayauctions.com, that gives them full access to your sensitive information.

2. Always ensure that you are on a secure connection to a web server when submitting personal information across the Internet. You can tell by seeing https:// at the start of the URL instead of http://, or by the locked padlock icon shown in the browser window's own frame (in the lower right-hand corner of the status bar in most browsers of the day), not in the page itself. Keep in mind that the padlock only shows the connection is encrypted; it does not by itself prove that the site belongs to the organization named in the e-mail, so check the domain name in the address bar as well.
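The two checks above (does the link really lead to the brand's own domain, and is it https) can be automated. The following Python script is an added example, not code from the original post: it pulls the links out of a constructed sample e-mail body, flags lookalike hosts such as ebayauctions.com that merely contain the brand name, and notes links that are not https. It assumes ebay.com is the brand's only legitimate domain and uses a simplified two-label domain rule.

```python
import re
from urllib.parse import urlparse

# Constructed sample e-mail body (not a real message) for demonstration.
SAMPLE_EMAIL = """Dear eBay member,
Your account will be suspended unless you update your details:
http://www.ebayauctions.com/update
Also review http://ebay.com.account-verify.example/login
and https://signin.ebay.com/ws/eBayISAPI.dll
"""

# Assumption for this example: the brand's only legitimate registrable domain.
TRUSTED_DOMAINS = {"ebay.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Simplification: real code should use
    the public suffix list so that e.g. co.uk domains are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Apply the two checks from the post: trusted domain? https?"""
    parts = urlparse(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    if domain in trusted:
        verdict = "trusted"
    elif any(brand.split(".")[0] in host for brand in trusted):
        # Brand name appears somewhere in the host, but the registrable
        # domain is different: ebayauctions.com, ebay.com.account-verify.example
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    findings = [] if parts.scheme == "https" else ["not https"]
    return {"url": url, "domain": domain, "verdict": verdict, "findings": findings}


def scan_email(body: str, trusted=TRUSTED_DOMAINS) -> list:
    """Extract every http(s) link from an e-mail body and classify it."""
    return [classify_url(u, trusted) for u in URL_RE.findall(body)]


if __name__ == "__main__":
    for r in scan_email(SAMPLE_EMAIL):
        print(r["verdict"], r["domain"], r["url"], r["findings"])
```

Only the signin.ebay.com link passes both checks; the other two are lookalikes and use plain http.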

3. Do not enter your e-mail address on online forms that appear suspicious. Doing so may make you the recipient of hundreds of other phishing scams. Often, people set up websites to collect e-mail addresses (known as "e-mail address harvesters") for the sole purpose of selling them to spammers who are willing to pay for a fresh set of target addresses.

4. Avoid e-mails with urgent requests for financial, account, or e-mail information.

5. If you receive spam or an e-mail you suspect is phishing-related, forward it to spam@uce.gov. The address spam@uce.gov is maintained by the FTC, which regularly investigates the e-mails it receives. Also, make sure to notify the company that the phisher was trying to spoof or mimic.

6. Use antivirus and firewall software and keep them up to date using their update features. If you are unsure what an antivirus program is, it is a program that prevents and removes viruses. A firewall is used to prevent unauthorized access from a remote computer system. Antivirus and firewall software are very important because there are millions of existing viruses and new ones are created every day. Some of them have the potential to spread identity-stealing programs.

7. Install spyware-removal software such as Ad-Aware.

8. Make sure to carefully review your bank statements to check for unauthorized transactions. Many credit card companies have identity protection features that will reimburse you for charges made by an attacker, so long as they are promptly identified.
