Tuesday, February 3, 2009

Phishing: Examples and Its Prevention Methods

What is Phishing?
A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996.

Phishing or Web Forgery is the criminally fraudulent process of attempting to get information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Phishing is typically carried out using email or an instant message. It often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

The following is an example of what a phishing scam e-mail message might look like:
Example of a phishing e-mail message including a deceptive URL address that links to a scam Web site. To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes the users to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site.


Here are some of the Phishing Examples:

PayPal
PayPal is an online payment solution provider. We can receive funds and pay for products and services that we purchase on the web through PayPal.

In an example PayPal phish, spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt.
Another clue is the lack of a personal greeting. A legitimate PayPal communication will always greet the user with his or her real name, not just with a generic greeting like "Dear Accountholder."

eBay


This genuine-looking email is a masquerade. When the receivers clicked on "respond", they were directed to an exact clone of eBay and their personal information was stolen. These messages come in different styles and wordings.
To prevent this, go to ebay.com manually and check whether the private messages are real.


How to Prevent Phishing?

Here are some of the phishing prevention methods:

Train People to Recognize Phishing Attempts
One strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. One newer phishing tactic, known as spear phishing, has been harnessed to train individuals at various locations.

People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified", it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate.

Legitimate companies, agencies and organizations don't ask for personal information via pop-up screens. If the users enter the information in a pop-up screen, the information will go to the phisher. To help prevent this type of phishing attack, the users can install pop-up blocking software.

Protect Computer with Spam Filters, Phishing Filter, Anti-virus and Anti-spyware software, and a Firewall, and Keep Them Up to Date
A spam filter can help reduce the number of phishing emails you get. Spam filter product comparisons are available at the website: http://spam-filter-review.toptenreviews.com/
Anti-virus software and anti-spyware software can protect the users against pharming and other techniques that phishers use.
Firewalls prevent hackers and unauthorized communications from entering the users' computer, which is especially important if the users have a broadband connection because the users' computer is open to the Internet whenever it's turned on.

Only Open Email Attachments that are Expected and Know What They Contain
Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.

Phishing and Malware Protection
Phishing and Malware Protection helps to keep the user safe online. These features warn the users when they visit a page that has been reported as a phishing page or Web forgery of a legitimate site.
For example, Internet Explorer 7 introduces a new notification area called the Security Status Bar. If a web site is a known phishing site, the Address Bar turns red and the Security Status Bar will appear.