Google+ Badge

Sunday, June 29, 2008

What You Should Know About Phishing?

You can say that the internet is short cut for “international networking.” By just logging on, you can connect to people all over the world. They may be people you personally know or people you just know online. Whatever the case, there is always somebody on the other end of your internet connection.

As accessible and easy daily life is now thanks to the internet, there are disadvantages from this convenience. Criminal activities such as illiciting sexual activities on the web is an example of online problems society has to deal with.

Another online criminal activity is phishing. Phishing is acquiring personal information like passwords and credit card details by pretending to be a representative of a company. Phishing is done through email or instant messaging.

It is called ‘phishing’ because it similar to the recretional activity fishing. It ‘fishes’ for users’ personal information such as passwords and financial data.

Phishers create accounts on AOL by using fake algorithmically generated credit card numbers. These accounts are maintained for a number of months. Due to the reports of phishing incidences, AOL has brought in measures preventing this from happening by securing the data of their users and confiming the information of those signing up for AOL accounts.

On AOL, a phisher pretends that he is an AOL employee and sends out instant messages to random customers which asks for passwords of their account. Luring the victim further, the phisher includes in the message “verify your account” or “confirm billing information.”

Thus, a number of clients get lured in and give off their password. Once the phisher gains access of this sensitive information, he can use the victim’s account for spamming. Check your inbox and take a look at the spam messages you’ve received. Yes, those are real names of people. These people’s accounts have been hacked and is now being used to relay spam messages.

Because of this, AOL assures their clients that no one from the staff of AOL ask for their personal or billing information. Also, AOL has created a system which deactivates accounts as soon as there are signs that it is used for phishing.

Other recent phishing incidences involve that of the Internal Revenue Service. There is a way for phishers to know the bank of their potential victim. Then they pose as an employee of that bank and send an email to their victim.

Also, social networking sites can be a home-base for phishers because personal details that have been printed online are used for identity theft. Statistics show that over 70% phishing attempts are done in social networks.

Another technique used by phishers is coming up with a link in an email that belongs to a fake organization. They often use misspelled URLs or subdomains to trick potential victims.

Note the web address and check the @ symbol. For example, http://www.google.com@members.tripod.com may be a link that can easily deceive anyone casually observing the page. However, whoever clicks on this will be merely directed to a page that simply does not exist.

To tend to this problem, Internet Explorer and Mozzilla give users the option of either continuing or canceling their surfing. With a warning message, the user can just go to that questionable page or not.

There are some phishing scam which utilizes JavaScript commands. These alter the address bar and is done by imposing a picture of a credible entity URL over it. These visually deceives a casual internet user.

Another phishing technique is the cross-site scripting. Here, the culprit uses a legitimate companies own scripts on a potential victim. In doing so, the user is directed to sign in for the services of the imposed company. The security certificates and web address appearing on the page may seem correct for the non-professional eye. In truth though, this link the potential victim has clicked on is a way for a phisher to know his personal and financial information.

Damages from phishing are:

1. Loss of access to email which can also lead to financial loss.

2. Identity theft making the victim vulnerable to online criminal activities.

3. Access of public records

Once sensitive information such as credit card numbers, social security numbers and mother’s maiden name are acquired, it will be so easy for the phisher to manipulate the account of his victim.

For every problem, there is a solution and anti-phishing techniqes been created to prevent this online criminal activity from taking place. Users are taught to not believe every email sent to their inbox. When you get a message asking for your personal information, contact your bank or the company which supposedly sent you the email and verify it with them.

Then there is the Anti-Phishing Working Group which serves as the law enforcement association dealing with phishing incidences. From them, anti-phishing software can be downloaded by websites and uploaded as their homepage web content. Eventually, the toolbar displays the real domain name and serves also the guard dog against suspected phishers.

Installing Firefox and spam filters also protect the users from phishers. These programs reduce the email received by their clients.

In the end, it is all carefully reading the messages you receive in your email. As soon as it sounds suspicious, report it to the Anti-Phishing Working Group.