Saturday, February 7, 2009

Phishing: Examples and Prevention Methods

Phishing is a technique that was first described in detail in 1987, in a paper and presentation delivered to the International HP Users Group, Interex. It is defined as the act of sending an e-mail to a user while falsely claiming to be an established, legitimate enterprise, in an attempt to scam the user into surrendering private information that will then be used for identity theft. Phishing, also referred to as brand spoofing or carding, is a variation on "fishing": the idea is that bait is thrown out in the hope that, while most will ignore it, some will be tempted into biting.

In the PayPal example shown in the image, the spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that it is a phishing attempt. Another clue is the lack of a personal greeting, although the presence of personal details is no guarantee of legitimacy either. A legitimate PayPal communication will always greet the user by his or her real name, such as "Dear Ms. Ong", and never with a generic greeting like "Dear Accountholder." Other signs that the message is a fraud are misspellings of simple words, bad grammar, and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.
Take note that many phishing e-mails will include, as a real e-mail from PayPal would, large warnings about never giving out your password in a phishing attack. Warning users of the possibility of phishing attacks, and providing links to sites explaining how to avoid or spot such attacks, is part of what makes the phishing e-mail so deceptive. In this example, the phishing e-mail warns the user that e-mails from PayPal will never ask for sensitive information. True to its word, it instead invites the user to follow a link to "Verify" their account; this takes them to a further phishing website, engineered to look like PayPal's, which then asks for their sensitive information. You can report these phishing e-mails to PayPal directly. Remember not to use any of the links that the phishing e-mail has provided.
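The clues listed above (an IP address as the link host, a generic rather than personal greeting, misspelled words, and threats of suspension) can each be checked mechanically. The following is an added example written for this post, not code from the post itself or from PayPal: it scores a message body against those clues. The two e-mails, the word lists and the 192.0.2.10 address are constructed sample data for the example, and a real mail filter would use far larger dictionaries than the handful of entries shown here.

```python
import re
from urllib.parse import urlparse

# Loose matcher for http(s) URLs inside a message body.
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)
# A host that is a bare IPv4 address rather than a domain name.
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed word lists for this example only; a real filter would use far larger ones.
GENERIC_GREETINGS = ("dear accountholder", "dear customer", "dear user", "dear member")
THREAT_PHRASES = ("suspend", "will be closed", "within 24 hours", "limited access")
COMMON_MISSPELLINGS = ("acount", "verfy", "recieve", "informations")


def extract_urls(body: str) -> list[str]:
    """Return the URLs in the body with trailing sentence punctuation removed."""
    return [u.rstrip(".,;)\"'") for u in URL_RE.findall(body)]


def ip_address_links(body: str) -> list[str]:
    """URLs whose host is a raw IP address, the clue visible in the tooltip of the example."""
    return [u for u in extract_urls(body) if IPV4_RE.match(urlparse(u).hostname or "")]


def first_line(body: str) -> str:
    """The salutation line, lower-cased, or '' for an empty body."""
    lines = [ln for ln in body.splitlines() if ln.strip()]
    return lines[0].strip().lower() if lines else ""


def lacks_personal_greeting(body: str, recipient_name: str) -> bool:
    """True when the salutation does not mention the recipient's real name."""
    return recipient_name.lower() not in first_line(body)


def uses_generic_greeting(body: str) -> bool:
    """True when the salutation is one of the generic forms a real PayPal mail would not use."""
    return first_line(body).startswith(GENERIC_GREETINGS)


def has_threat_language(body: str) -> bool:
    """True when the body threatens consequences such as account suspension."""
    low = body.lower()
    return any(p in low for p in THREAT_PHRASES)


def has_misspellings(body: str) -> bool:
    """True when any whole word matches the (constructed) misspelling list."""
    words = set(re.findall(r"[a-z]+", body.lower()))
    return any(w in words for w in COMMON_MISSPELLINGS)


def phishing_indicators(body: str, recipient_name: str) -> dict[str, bool]:
    """Each clue from the post as a named boolean; the caller decides the threshold."""
    return {
        "ip_address_link": bool(ip_address_links(body)),
        "no_personal_greeting": lacks_personal_greeting(body, recipient_name),
        "generic_greeting": uses_generic_greeting(body),
        "threat_language": has_threat_language(body),
        "misspellings": has_misspellings(body),
    }


def indicator_count(body: str, recipient_name: str) -> int:
    """Number of clues present; more clues means more reason to report the mail."""
    return sum(phishing_indicators(body, recipient_name).values())


# Constructed sample messages (not real PayPal mail). 192.0.2.10 is a documentation address.
SUSPICIOUS_MAIL = """Dear Accountholder,

We detected unusual activity on your acount. Your account will be suspended
within 24 hours unless you verfy your details at http://192.0.2.10/paypal/verify.

PayPal will never ask for your password in an e-mail.
"""

LEGITIMATE_MAIL = """Dear Ms. Ong,

Your payment to Example Store has completed. You can view the transaction
by logging in at https://www.paypal.com/ and opening your account history.
"""

if __name__ == "__main__":
    for label, mail in (("suspicious", SUSPICIOUS_MAIL), ("legitimate", LEGITIMATE_MAIL)):
        print(label, phishing_indicators(mail, "Ms. Ong"))
```

The checks are deliberately kept independent so that a single false positive (a legitimate mail that happens to say "within 24 hours") does not by itself flag a message; it is the combination of clues, as the post describes, that marks the sample as a fraud.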

To prevent phishing, several techniques are available, including legislation and technology. Everyone has a part to play in stopping phishing and the damage it does to others. Among social responses, people can be educated, especially where training provides direct feedback. With education, people can recognize whether a request for information is a phishing attempt or genuinely from the company; for example, a real PayPal e-mail will address the owner by name rather than as "Dear Accountholder", as in the example given.
The second category of prevention is technical responses. Web browsers have their own methods of prevention, and a popular technique is to maintain a list of known phishing sites. Microsoft's IE7 browser, Mozilla Firefox 2.0, Safari 3.2, and Opera all contain this type of anti-phishing measure. In addition, anti-phishing filters can be enabled in the web browser, and anti-spam filters in the mailbox can also help to keep phishing mail out. A further check happens when the user tries to visit a site, since the browser can compare its address against the list before loading it.
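To illustrate the "list of known phishing sites" check described above, here is an added example that is not code from the post or from any of the browsers it names: a simplified blocklist lookup that canonicalises the address before comparing it, so that upper-case letters, a trailing dot, percent-encoding or doubled slashes in a link do not slip past an entry. The entries, hosts and paths are constructed for the example; the actual browsers listed use their own list formats and matching rules, which this code does not claim to reproduce.

```python
import re
from urllib.parse import urlparse, unquote

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed blocklist entries: (host, path prefix). An empty prefix blocks the
# whole host; a listed domain also covers its subdomains. 192.0.2.10 and the
# ".example" names are documentation values, not real sites.
BLOCKLIST = {
    ("paypal-verify.example", ""),
    ("192.0.2.10", "/paypal/"),
    ("freehosting.example", "/user123/login/"),
}


def canonical_host(url: str) -> str:
    """Lower-case the host and drop a trailing dot so spelling variants match."""
    return (urlparse(url.strip()).hostname or "").lower().rstrip(".")


def canonical_path(url: str) -> str:
    """Percent-decode and collapse duplicate slashes before comparing paths."""
    path = unquote(urlparse(url.strip()).path) or "/"
    while "//" in path:
        path = path.replace("//", "/")
    return path


def candidate_hosts(host: str) -> list[str]:
    """The host plus each parent domain (never the bare top-level label).
    A raw IPv4 address has no parents and matches only itself."""
    if IPV4_RE.match(host):
        return [host]
    labels = host.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    return parents or [host]


def is_blocked(url: str, blocklist=BLOCKLIST) -> bool:
    """True when the canonical form of the URL matches any blocklist entry."""
    path = canonical_path(url)
    for host in candidate_hosts(canonical_host(url)):
        for listed_host, prefix in blocklist:
            if host == listed_host and path.startswith(prefix or "/"):
                return True
    return False


def check_links(urls: list[str], blocklist=BLOCKLIST) -> dict[str, bool]:
    """Map each URL found in a message to whether the browser would warn about it."""
    return {u: is_blocked(u, blocklist) for u in urls}


if __name__ == "__main__":
    sample = [
        "http://LOGIN.paypal-verify.example/signin",
        "http://192.0.2.10/%70aypal//verify",
        "https://www.paypal.com/",
    ]
    for url, blocked in check_links(sample).items():
        print("BLOCKED " if blocked else "allowed ", url)
```

The parent-domain walk is what makes a single entry for a phishing domain cover every subdomain the sender might create, while the IP-address special case stops "192.0.2.10" from being split on its dots as if it were a domain name.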

The last category of prevention is legal responses: laws have been passed to provide safety for internet users. One example is the Anti-Phishing Act of 2005, introduced in the United States by Senator Patrick Leahy. In the UK, the law was strengthened by the Fraud Act 2006, which introduced a general offence of fraud that can carry up to a ten-year prison sentence and prohibits the development or possession of phishing kits with the intention to commit fraud.
