Phishing

What is phishing? Phishing refers to the act of the attacker draw the users attention to visit a faked Web site by sending them faked e-mails or instant messages. The e-mail will directs the user to visit a Web site where they are asked to update personal information such as passwords and credit card, social security and bank account numbers. In fact, the legitimate organisation already has it. The frequently used attack method is to send e-mails to potential victims, which seems to be sent by banks or online organisations. In the e-mails, they will make up some causes such as the password of the credit card has been mis-entered for many times or they are providing upgrading services, to conduct the users visit their Web site to modify their account number and passwords through the hyperlink provided in the e-mail.

Following are the few examples of the phishing e-mails:

1.http://www.microsoft.com/windows/IE/images/using/54304_fake_url_1.jpg

2.http://www.bankrate.com/brm/news/advice/Phishing-email.asp

3.http://www.irs.gov/pub/irs-utl/phishing_email.pdf

Prevention Methods for Phishing

(a) Detect and block the phishing Web sites in time

– If users can detect the phishing Web sites in time, users then can block the site and prevent phishing attacks.

(b) Enhance the security of the web sites

The business Web sites such as banks’ Web sites can take new methods to guarantee the security of the users personal information. For example, using the biometrics characteristics such as voice, iris, fingerprint and so on.

(c) Block the phishing e-mails by various spam filters

Phishers are usually use e-mails as “bait” to attract the potential victims. They can send out large amount of spoofed e-mails which are seemed from legitimate organisations. The phishers hide their identities when sending the spoofed e-mails, therefore, if anti-spam systems can determine whether an e-mail is sent by the attackers, the phishing attacks will be decreased dramatically.

(d) Install online anti-phishing software in user’s computers

-It is still possible for the users to visit the spoofed Web sites regarding to all the above preventions. As a defense, users can install anti-phishing tools in their computers.

As for your own good, start to do some preventions from phishing before it’s too late.

Related links:

1. http://research.microsoft.com/users/chguo/phishing.pdf

2. http://www.microsoft.com/protect/yourself/phishing/identify.mspx

 

Advertisements

~ by chinchoon87 on June 18, 2008.

3 Responses to “Phishing”

  1. Hey, you have a great blog here!

    I’m definitely going to bookmark you!

    IT IS AMAZING and GREAT post .. PLEASE Keep BLOGGING …

    I have this article which is releated to your post
    web services
    http://www.tm.com.sa
    You can comment also 🙂

    Thans & Regards
    Salem

  2. It’s amazing

  3. thank you, guy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: