Saturday, June 27, 2009

Examples of Phishing and Its Prevention Methods


What is Phishing?

Phishing is the intentional acquisition of personal and sensitive information from a victim by masquerading as a business or individual. The scammer tries to trick someone into giving up private information such as usernames, passwords and credit card numbers. It is usually carried out by e-mail or instant messaging, and directs users to enter their personal information at a fake website. Most commonly, it is aimed at users of PayPal and other similar payment processors, for instance banks, credit cards and eBay.

You might see a phishing scam:
  • In e-mail messages, even if they appear to be from someone you know.
  • On your social networking website.
  • On websites that spoof sites familiar to you by using slightly different web addresses, hoping you won’t notice.
  • In your instant message program.
  • On your cell phone or other mobile device.

Examples of Phishing

Example 1: Phishing scam in e-mail message

Scam artists may place a link in the message that appears to go to the legitimate website (1), but actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site.

Example 2: Obfuscated URL

This example uses a technique known as URL spoofing. The technique relies on the fact that certain web browsers do not display a malformed URL properly, which allows the hacker to trick you into thinking you are on a legitimate website.

In this example, the hacker sends an email containing a graphic asking you to click the link:

Despite appearances, the link tries to take you to:

http://olb.westpac.com.au[special unprintable characters]@68.112.112.35:8888/asp/index.htm


The nature of the web browser fault is that everything after the special unprintable characters will not be shown in the address bar, so all you see is http://olb.westpac.com.au, which makes you believe that you are on the real Westpac website.
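The check below is an added example, not part of the original post: it uses Python's urllib.parse to show which host a link like the one above really connects to and to flag the warning signs in it. The %01 in the sample is a constructed stand-in for the unprintable characters, and the indicator names are invented for this illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed sample modelled on the link above; "%01" is a stand-in for the
# "special unprintable characters", which the post does not spell out.
SAMPLE = "http://olb.westpac.com.au%01@68.112.112.35:8888/asp/index.htm"

# Heuristic: text that starts like a dotted host name (label.label.tld).
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
DEFAULT_PORTS = {"http": 80, "https": 443}


def real_host(url):
    """Host the browser connects to: whatever follows the last '@'."""
    return urlsplit(url).hostname


def url_indicators(url):
    """Return a list of (hypothetical) indicator names found in the URL."""
    parts = urlsplit(url)
    found = []
    # Everything before '@' in the authority is login data, not the site name.
    userinfo = parts.netloc.rpartition("@")[0]
    if userinfo:
        found.append("userinfo-present")
        decoded = unquote(userinfo)
        if HOSTLIKE.match(decoded):
            found.append("userinfo-looks-like-hostname")
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
            found.append("control-chars-in-userinfo")
    try:
        ipaddress.ip_address(parts.hostname or "")
        found.append("host-is-ip-literal")
    except ValueError:
        pass  # a normal DNS name
    if parts.port and parts.port != DEFAULT_PORTS.get(parts.scheme):
        found.append("non-default-port")
    return found


if __name__ == "__main__":
    print("connects to:", real_host(SAMPLE))
    print("indicators :", url_indicators(SAMPLE))
```

The host-name pattern is only a heuristic, so a dotted user name such as "john.doe" would also be flagged and should be reviewed by hand.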

For the most recent information, please visit the Antiphishing website:

http://www.antiphishing.org/

How to prevent Phishing?

Never give sensitive personal information in a message

Be very skeptical of any e-mail, instant message or pop-up window that asks for your personal information. If a bank or other company really needs to get some specific information from you, they'll most likely request it in writing or via a secure email.

Make sure the website is legitimate

Do not enter personal information unless you're sure it is going to a website you trust and that the site takes appropriate steps to protect your data.

Be wary of clicking a link in a message or pop-up window

If you get an e-mail, instant message, or pop-up window that asks for personal information, do not click the link, because it may take you to a phony site where any information you give may be sent to the phisher who built it. If you’re in doubt, call the company to check whether the message was sent by them.

Improve your computer's security

Phishers hope you haven't been applying the latest security fixes, and may try to take advantage of these vulnerabilities. Some phishing e-mails may contain malicious or unwanted software that can track your activities or simply slow down your computer. Therefore, you should update your computer system regularly.
