Phishing

What is phishing? Phishing is the act of an attacker luring users to a fake Web site by sending them fake e-mails or instant messages. The e-mail directs the user to visit a Web site where they are asked to update personal information such as passwords and credit card, social security and bank account numbers. In fact, the legitimate organisation already has this information. The most frequently used attack method is to send potential victims e-mails that appear to come from banks or online organisations. In these e-mails, the attackers make up a pretext, such as the credit card password having been mis-entered many times or an upgrade service being offered, to induce users to visit their Web site and modify their account numbers and passwords through the hyperlink provided in the e-mail.

The following are a few examples of phishing e-mails:

1. http://www.microsoft.com/windows/IE/images/using/54304_fake_url_1.jpg

2. http://www.bankrate.com/brm/news/advice/Phishing-email.asp

3. http://www.irs.gov/pub/irs-utl/phishing_email.pdf

Prevention Methods for Phishing

(a) Detect and block the phishing Web sites in time

- If users can detect phishing Web sites in time, they can block the sites and prevent phishing attacks.

(b) Enhance the security of the Web sites

- Business Web sites such as banks’ Web sites can adopt new methods to guarantee the security of users’ personal information, for example using biometric characteristics such as voice, iris, fingerprint and so on.

(c) Block the phishing e-mails by various spam filters

- Phishers usually use e-mails as “bait” to attract potential victims. They can send out large amounts of spoofed e-mails that appear to come from legitimate organisations. The phishers hide their identities when sending the spoofed e-mails; therefore, if anti-spam systems can determine whether an e-mail was sent by the attackers, phishing attacks will decrease dramatically.

(d) Install online anti-phishing software on users’ computers

- It is still possible for users to visit spoofed Web sites despite all the above preventions. As a defense, users can install anti-phishing tools on their computers.

For your own good, start taking preventive measures against phishing before it’s too late.

Related links:

1. http://research.microsoft.com/users/chguo/phishing.pdf

2. http://www.microsoft.com/protect/yourself/phishing/identify.mspx

 

~ by chinchoon87 on June 18, 2008.

3 Responses to “Phishing”

  1. Hey, you have a great blog here!

    I’m definitely going to bookmark you!

    IT IS AMAZING and GREAT post .. PLEASE Keep BLOGGING …

    I have this article which is related to your post
    web services
    http://www.tm.com.sa
    You can comment also :)

    Thanks & Regards
    Salem

  2. It’s amazing

  3. thank you, guy
