Tuesday, February 3, 2009

Phishing: Examples and its Prevention Methods

Phishing is ...

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that may be used for fraud or identity theft. The e-mail directs the user to visit a Website where they are asked to update personal information such as: passwords, credit/debit card info, Social Security number, and the credit union/bank account numbers that the legitimate organization already has. The Website, however, is a spoof and set up only to steal the user's information.

Examples of phishing:


1) Phishing e-mail from TrustedBank:

An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing secure information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Such mistakes are common in most phishing emails.


2) An example of a phishing e-mail targeted at PayPal users:

In an example PayPal phish (right), spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. A legitimate PayPal communication will always greet the user with his or her real name, not just with a generic greeting like, "Dear Accountholder." Other signs that the message is a fraud are misspellings of simple words, bad grammar and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.


3) An example of a scam email from Citi Bank:


4) Phishing e-mail from Citizens Bank:

ISPs, banks, etc. do not ask for passwords and the like to be entered by email. Be suspicious of any email message that asks for personal information. Don't ever follow a link in an email that asks you to update or verify sensitive information. If you want to contact a company, go to their Web site by using a link from your records or telephone them.


How to avoid falling for a Phishing (fishing) Scam?
Most phishing cases target your bank account number, password, credit card details, Social Security number, or e-currency account information. Some of the latest phishing attempts target PayPal, Yahoo Mail, Gmail and other free mail services. Keep in mind that none of the companies mentioned above will ask you to provide any information via e-mail. If you receive a request to provide such details, or a link to a web site, in an e-mail, it must be an Internet phishing scam.

Phishing Prevention Methods:

1) Do not reply to or click on a link in an e-mail that warns you, with little notice or prior legitimate expectation, that an account of yours will be shut down unless you confirm your billing information. Instead, contact the company cited in the e-mail using an authenticated telephone number or other form of communication that you are sure is genuine.

2) Legitimate companies, especially financial institutions, should never ask you to verify your account information. If you get an e-mail that asks for this type of information, delete it and report it to the company being phished.

3) Before submitting financial information through a website, look for the locked padlock on the browser’s status bar or look for https:// at the beginning of the web address in your browser’s address window. The presence of a padlock and the https:// does not guarantee that the website is legitimate or secure. However, the absence of either the padlock or the https:// does indicate that the web site is not secure.

4) Identifying a phishing e-mail may be easier than it appears. Sometimes the entire e-mail is a graphic, which may be a sign. If you cannot highlight words, then you know it’s a graphic, sometimes with a link. Also, if you hover your mouse over a graphic or other link, you can usually view the actual link (at the bottom of your screen or in a hover line). The link may be something other than what it says in the e-mail. If you do click on the graphic or link, check the URL to make sure it actually is from the domain of your financial institution.

5) Use anti-virus software and make sure you have a firewall in place.

6) Review all financial statements (online or paper) as soon as you can so you can see if any unauthorized charges are present. Log into FMFCU’s e-Banking for an even more up-to-date transaction history.

7) Never send e-mail with sensitive personal or financial information. E-mails are not secure. Visit official websites and login securely to send this type of information.

8) Always be aware of attachments in e-mails. Never open an attachment from someone you do not know. This could contain a potential virus.

9) Always make sure your web browser contains the latest patches. Newer browsers will eventually contain anti-phishing features to help you even more.

10) NEVER click on a link in an email in order to enter your log-in information or password. Instead, if you think the email may be legitimate, go directly to the company website using your Internet Explorer or Netscape browser. (Do not copy and paste a URL out of a suspicious email.) Hackers can easily mask a fake link, making it look like it is going to the proper site when it is not. Instead, type the link into your browser window by hand.

11) Learn your financial institution’s security measures. PayPal, for example, will never send you an email that does not begin with your full name. If you receive an email with a salutation like “Dear PayPal Member,” you know it is a fake.

12) Monitor your credit rating closely. Keeping a careful eye on your credit score is the best way to learn if you have fallen victim to an identity scam. An ID Theft protection product from MyIDFix.com can alert you to identity problems immediately so that you can fix them before they get out of hand.
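
The link and greeting clues described in the PayPal example and in tip 4 can also be checked automatically. The following is an added example, not part of the original post: it flags a generic greeting, a link that goes to a bare IP address, and a link whose visible text names a different domain than its real target. The `.example` domains, the address `192.0.2.10` and all function names are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Greetings the article calls out ("Dear Accountholder", "Dear PayPal Member").
GENERIC = re.compile(r"\bdear\s+(?:paypal\s+)?(?:account\s?holder|member|customer)\b", re.I)
DOMAIN = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class Links(HTMLParser):  # collects an (href, visible text) pair per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._shown = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._shown = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._shown.append(data)  # reset at each <a>, read at each </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._shown).strip()))
            self._href = None

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def phishing_signs(html):
    """Return the warning signs found in one HTML e-mail body."""
    page, signs = Links(), []
    page.feed(html)
    if GENERIC.search(html):
        signs.append("generic greeting")
    for href, shown in page.links:
        host = (urlparse(href).hostname or "").lower()  # where the link really goes
        named = DOMAIN.search(shown)                    # domain the text claims
        claimed = named.group(1).lower() if named else ""
        if _is_ip(host):
            signs.append(f"link goes to IP address {host}")
        elif host and claimed and host != claimed and not host.endswith("." + claimed):
            signs.append(f"link shows {claimed} but goes to {host}")
    return signs

# Constructed sample message (placeholder domains and documentation-range IP).
PHISH = ('<p>Dear Accountholder,</p><a href="http://192.0.2.10/c">www.trustedbank.example</a>'
         ' <a href="http://trustedbank.example.login.example/">www.trustedbank.example</a>')
```

An empty result only means none of these three clues was found; as the article notes for the padlock, the absence of a warning sign is not proof that a message is legitimate.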
