What is Phishing?


You may have heard of the latest online threat to Internet users' personal security, an advanced hack known as "phishing." Phishing is a specific type of identity theft that can occur only on the Internet. You respond to an innocent, legitimate-looking email, log in to your bank's website, and suddenly the phishers have your bank account number, credit card number, PIN, and any other information you entered in the website. This growing threat is taking its toll on the Internet community; according to the Anti-Phishing Working Group, there were 1,518 active phishing sites reported in November 2004 alone.

Methods of Phishing

Phishing scams come in several forms, but they all share the same basic trait: a legitimate-looking email asking you to renew your bank account information or some other personal data. The most common phishing scam is an email that appears to be from a bank, stating that you need to verify your bank account information. It will ask you to click on a legitimate-looking link in the email. The actual link, however, leads to the phishing site.

Fake websites: Phishing sites use several different methods to make their site look like the real site. The actual images and text on the page will look nearly identical to the legitimate site. Sometimes the site will try to "spoof" the address bar, hiding the phishing URL behind the bank's actual URL, so it looks like you're visiting the real site. The really devious phishing sites will use the login information you entered to log you in to the actual bank's website, so you have no clue you were scammed.

HTML form based: Another method used by phishers is an HTML form embedded in the email. In this method, the legitimate-looking email includes a form right in the email for you to enter your important information. This method is particularly dangerous, as an HTML form in an email can do any number of things, including automatically sending all the data entered to a phishing site or email address owned by phishers.
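The two email traits described above (a link whose visible text names one site while its target is another, and a form embedded in the message) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the sample message and its `example.com` / `example.net` hosts are constructed, and the regular expression is a simple heuristic.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Visible link text that itself looks like a host name or URL (heuristic).
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class EmailScanner(HTMLParser):
    """Collects findings for deceptive links and embedded forms in an HTML email."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":  # a form inside mail can post its fields anywhere
            self.findings.append(("embedded-form", attrs.get("action") or ""))
        elif tag == "a":
            self._href, self._text = attrs.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = HOST_IN_TEXT.search("".join(self._text))
        target = (urlsplit(self._href).hostname or "").lower()
        # Flag only when the text claims a host and the real target differs.
        if shown and target and shown.group(1).lower() != target:
            self.findings.append(("link-mismatch", f"{shown.group(1).lower()} -> {target}"))
        self._href = None

def scan_email(html):
    scanner = EmailScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample body; the hosts are reserved documentation domains.
SAMPLE = """
<p>Dear customer, please verify your account:</p>
<a href="http://login.example.net/verify">https://www.bank.example.com/login</a>
<form action="http://collect.example.net/submit" method="post">
  Card number: <input name="card"> PIN: <input name="pin" type="password">
</form>
<a href="https://www.bank.example.com/help">Help centre</a>
"""
if __name__ == "__main__":
    print(scan_email(SAMPLE))
```
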

Pop-up website trick: One other trick utilized by phishers is using pop-up windows to give the appearance of legitimacy. The actual bank's website will be opened in the background and the phishing site will be opened as a pop-up window. The pop-up looks like it's part of the legitimate site and it usually does not include an address bar, so it doesn't have to spoof the URL.

Redirected weblinks: Some spyware programs will install a corrupt "Hosts" file. The corrupt hosts file will cause certain websites entered in the address bar to redirect to other sites. Thus you will enter your bank's website in the address bar, but your browser will be redirected to the phishing site without you even knowing about it.

How to Manually Beat Phishing

There are several good practices that will help you avoid getting swindled by a phishing scam:

•  Whenever you get an email that looks like it came from a bank, make sure not to click on the link in the email. Manually enter the URL into the address bar. In this way you can avoid having false links redirect you to phishing sites.

•  Do not fill out forms in emails for anything important. Most banks and other legitimate websites do not use forms in emails because they are inherently insecure.

•  When logging in to a bank website, check the lower right-hand corner of the browser for a lock icon. This icon will only appear when the site is using secure HTTP and is verified to be legitimate. Phishing sites will not display this icon.

•  Use a spyware scanner with a hosts file analyzer to keep your hosts file clean and your computer spyware free.
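What a hosts file analyzer looks for can be shown in a few lines. The following Python sketch is an added example, not code from the original article or from any particular scanner; the watched domain, the sample hosts file and its addresses are constructed, and the rule that a watched domain should never be overridden in the hosts file is an assumption of this example.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:  # one line may map several names
            yield line_no, str(ip), name.lower()

def suspicious_entries(text, watched):
    """Return hosts-file overrides for watched domains or their subdomains.

    Assumption: sensitive sites should resolve through DNS, so any local
    override for them is reported for review, whatever address it points to.
    """
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((line_no, name, ip))
    return hits

# Constructed sample; addresses come from reserved documentation ranges.
HOSTS_SAMPLE = """\
127.0.0.1     localhost
::1           localhost
0.0.0.0       ads.example.org                        # ad-blocking entry
203.0.113.45  www.bank.example.com bank.example.com  # planted redirect
198.51.100.7  intranet.example.org
"""
WATCHED = {"bank.example.com"}  # hypothetical list of the user's sensitive sites

if __name__ == "__main__":
    for line_no, name, ip in suspicious_entries(HOSTS_SAMPLE, WATCHED):
        print(f"line {line_no}: {name} is forced to {ip}")
```
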

How Programs Automatically Beat Phishing

Several programs exist that are designed to stop phishing scams from exploiting users:

Credit card scanner: One method is for the anti-phishing program to collect your credit card number and other vital information, and when it notices that you are entering this information into a web browser, it pops up, reminding you to check if the site is legitimate or not. This method keeps the user informed, but relies on the user to verify if a site is in fact legitimate or a scam.

Blacklisting: Another method is collecting a blacklist of known phishing sites and not allowing your computer to access those sites. This method functions while the phishing site is blacklisted and the anti-phishing program has the blacklist, but it has several drawbacks. The anti-phishing program must have the most up-to-date blacklist downloaded from the anti-phishing company's website. The average lifespan of a phishing site in November 2004 was around six days (according to the Anti-Phishing Working Group), so the blacklist must be constantly updated.

Definitions update: One of the better methods for blocking phishing sites is for the anti-phishing program to maintain a list of definitions for the legitimate sites based on the content of the page. When the browser loads a page that matches one of the definitions, the anti-phishing program checks the page's URL against the known safe URLs for that definition. If the site does not match, the anti-phishing program displays a pop-up warning the user that the site is likely a phishing site and the user should not enter any information into the site.
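The definition-based check described above can be sketched as follows. This is an added Python example, not code from the original article or from any anti-phishing product; the definition format, the marker strings and the `example.com` / `example.net` hosts are all constructed for illustration. The host is compared exactly after parsing, so look-alike URLs that merely contain the bank's name do not pass.

```python
from urllib.parse import urlsplit

# Hypothetical definitions: text markers that identify a legitimate site's
# page content, plus the only hosts that page may legitimately be served from.
DEFINITIONS = [
    {
        "name": "Example Bank login",
        "markers": ["example bank", "online banking", "password"],
        "safe_hosts": {"www.bank.example.com", "login.bank.example.com"},
    },
]

def matching_definition(page_text):
    """Return the first definition whose markers all appear in the page text."""
    text = " ".join(page_text.lower().split())  # fold case, collapse whitespace
    for definition in DEFINITIONS:
        if all(marker in text for marker in definition["markers"]):
            return definition
    return None

def check_page(url, page_text):
    """Return 'unknown' (no definition matched), 'ok' or 'warn'."""
    definition = matching_definition(page_text)
    if definition is None:
        return "unknown"
    # Parse the URL and compare the real host exactly; a substring test would
    # accept "www.bank.example.com@..." or "www.bank.example.com.example.net".
    host = (urlsplit(url).hostname or "").lower()
    return "ok" if host in definition["safe_hosts"] else "warn"

# Constructed page text resembling a bank login page.
PAGE = "Welcome to Example Bank\nOnline   Banking sign-in\nUser ID: ____ Password: ____"

if __name__ == "__main__":
    for url in (
        "https://www.bank.example.com/login",
        "https://www.bank.example.com@login.example.net/",
        "http://www.bank.example.com.example.net/login",
    ):
        print(check_page(url, PAGE), url)
```
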

 
© Sugandh Malhotra 2006