Example and Prevention Method of Phishing

Feb 8, 2009




Phishing is the act of stealing sensitive personal information, such as usernames, passwords and credit card details, over the internet for the purpose of committing financial fraud. It has become a significant criminal activity on the internet, especially on popular social web sites, auction sites and online payment processors.

The phishing technique was described in detail in 1987, and the first recorded use of the term “phishing” was made in 1996. Phishing is largely used against PayPal, banks, credit cards and eBay.

In an example PayPal phish, spelling mistakes in the e-mail and the presence of an IP address in the link are both clues that this is a phishing attempt. A real e-mail from PayPal would carry large warnings about never giving out a password or sensitive information in case of a phishing attack. The phishing e-mail instead invites users to follow a link to “verify” their accounts. The link takes users to a further phishing website, engineered to look like PayPal’s website, which asks for the users’ sensitive information.

In another example, eBay phishing has become the most popular case. On eBay, scammers wish to obtain eBay IDs, which are used to sell fake or non-existent goods, or accounts which can be sold on in the underground market.

There are some prevention methods, which include legislation and technology created specifically to protect against phishing.

One of these methods is training people to recognize phishing attempts and deal with them. Such education gives more effective results, especially where the training program provides direct feedback.

Besides that, people can slightly modify their browsing habits. For example, when an account needs to be "verified", it is a sensible precaution to contact the company or customer from which the e-mail apparently originates to check that the e-mail is legitimate.

Another way is used by some banks' websites, such as Bank of America's, which ask users to select a personal image and display the user-selected image with any forms that request a password. Customers or online users of the bank's online services are instructed to enter a password only when they see the image they selected.

Some banks and other organizations likely to suffer from phishing scams use round-the-clock services to monitor, analyze and assist in shutting down phishing websites.

Reference links:
http://en.wikipedia.org/wiki/Phishing
http://www.uscert.gov/reading_room/phishing_trends0511.pdf
