Sunday, May 8, 2011

What is phishing and how to stay away from phishing scams

If you search the internet for "what is phishing", Wikipedia may define it as “phishing is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” In other words, a phishing scam is set up to show unofficial web content in your browser in order to acquire your personal details, such as your user name and password, your credit card details or your internet banking details.
How phishing works
Example 1: Suppose you are checking your email and you find a message from your bank. You’ve gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don’t reply immediately. What do you do?
Example 2: Suppose you have received an email from a social network you use, with text like “Congratulations Mobipride.Com has selected you as a global administrator but we need to verify your account as soon as possible to give you moderator controls of the website click on http://mobipride.xyz.co.xy/verify.php”
Those messages and others like them are examples of phishing.
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon and eBay. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.
1. Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
2. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
3. This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
4. Phishers record the information victims enter into Web pages or popup windows.
5. The phishers use the information they’ve gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover.
How to stay away from phishing scams
Here are a few steps you must follow to avoid becoming a phishing victim.
1. Always read the terms of service (“TOS”) or privacy policy of a website before you sign up. Usually you will find some text like “Do not tell your password to anyone including our employees”. That means you have to keep your password highly secure.
2. Read the email carefully. Phishing emails always redirect you to a fake website. In Example 2 above, the website mentioned in the email is Mobipride.com, but the attacker asks you to verify your user name and password on a site with the domain http://mobipride.xyz.co.xy, which is not the actual domain of the website in question, i.e. Mobipride.com. Immediately block such senders.
3. Avoid emails which are created to gain your trust.
E.g.:
a. I am Amanda and my husband died in car accident. He left 50 million US dollars for me. I like to give it to you… etc.
b. Hello son I am your uncle some attackers are trying to attack on my website take this user id and password and log in to check.
or
c. US state lottery. Congratulations!! You have won $1000000000 Call 18990200xxxxx to claim.
or sometimes
d. A pop-up on some site opens saying: Congratulations!! You are the 100000 th visitor of this site call xxxxx to claim your gift/cheque/money.
These are some real examples. You must ignore such phishing attempts.
4. Use a virtual keyboard when entering data on your bank's website or an e-commerce website if you are on a public computer, or if you are not sure whether harmful spyware such as a keylogger is installed on your PC.
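
The domain comparison from step 2 can be done mechanically. The following Python sketch is an added example, not code from the original post: it pulls each link out of a message and checks whether its host really is the official domain or a subdomain of it. The function names and the second link in the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample: the text of Example 2 plus one constructed genuine link.
SAMPLE = ("Congratulations Mobipride.Com has selected you as a global "
          "administrator ... click on http://mobipride.xyz.co.xy/verify.php” "
          "or read http://www.mobipride.com/help.")


def link_host(url):
    """Return the lowercased host a browser would contact, or None."""
    try:
        host = urlsplit(url).hostname  # ignores any user@ prefix and the port
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def belongs_to(host, official_domain):
    """True only if host is the official domain or a subdomain of it."""
    official = official_domain.lower().rstrip(".")
    # The leading dot matters: "notmobipride.com" must not match.
    return host == official or host.endswith("." + official)


def check_links(message, official_domain):
    """Return (url, host, verdict) for every http(s) link in the message."""
    brand = official_domain.split(".")[0].lower()
    results = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,;:!?)\"'”")  # drop trailing punctuation and quotes
        host = link_host(url)
        if host is None:
            verdict = "unparseable"
        elif belongs_to(host, official_domain):
            verdict = "official"
        elif brand in host:
            verdict = "lookalike"  # brand name used on somebody else's domain
        else:
            verdict = "other"
        results.append((url, host, verdict))
    return results


if __name__ == "__main__":
    for url, host, verdict in check_links(SAMPLE, "Mobipride.com"):
        print(f"{verdict:10} {host}  <- {url}")
```

A "lookalike" verdict means the brand name appears in the host but the host is not under the official domain, which is exactly the situation in Example 2.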
