These
days Phishing is a major Threat which is being faced by almost everybody
who has a computer and an email account .A phish attack normally involves
three parties which are a phisher ,an end User and the Entity which
is being phished .This entity could be a bank,an Auction site ,a Payment
site or even a personal usage site such as Myspace .Below I have mentioned
the definitions of phishing &Antiphishing as well as as how we can
avoid it .To know more ,click on external links as well as use Google
Search .
What
is Phishing
As
per wikipedia ,Phishing is a criminal activity using social engineering
techniques. Phishers attempt to fraudulently acquire sensitive information,
such as usernames,passwords
and credit card details, by posing as a trustworthy entity in an electronic
communication. eBay and PayPal are two of the most targeted companies,
and online banks are also common targets. Phishing is typically carried
out by email or instant messaging, and often directs users to givedetails
at a website, although in some cases phone contact has been used as
well.
What
is Antiphishing
Anti-phishing
software consists of computer programs that attempt to identify phishing
content contained in websites and e-mail. It is often integrated with
web browsers and email clients as a toolbar that displays the real domain
name for the website the viewer is visiting, in an attempt to prevent
fraudulent websites from masquerading as other legitimate web sites.
Anti-phishing functionality may also be included as a built-in capability
of some web browsers.
Antiphishing
Programs/Toolbars
The
Least you can do is to Install an Anti phishing Toolbar.IE 7 has this
feature by default .Also you can use Google
OR NetCraft Toolbar.They
are available for both Internet Explorer and Mozilla Firefox .
For
a complete list of Antiphishing Programs , visit here
.
Tips
to Avoid Phish Scams
-
Keep in mind that No bank will ever send you an email
asking for your User Name , Password or PIN . If you find any such
email , ignore it .If you want to give it a try , call the Bank Customer
Support no. mentioned on your ATM Card and verify .
-
Always type your Bank Name(insteade of using Google Search) and make
sure that there are no spelling mistakes and the site looks familiar
.A Proper Bank site will have lots of interlinked pages and you can
perform a quick verification by clicking on 2-3 different links .
- Additionally
you can use the Smart WhoIs Lookup Tool here
to see who is the owner of the domain which is mentioned in the suspicious
mail .
- For
Domains which end up with Sa i.e bank.com.sa ,you can use the Saudi
NIC Tool to see the Owner Information .
- If
you are sent a phishing email and the website looks quite legitimate
to you ,try inputting the fake data and see what happens .In most
of the cases ,if it is a fake site ,it will accept the data and redirect
you to the Original website .It is a good technique against Pharming
Attacks.In pharming attacks ,you type the correct bank name but it
is redirected to a fake bank site using poisoned dns cache .
-
You should use at least one or two different toolbars to make sure
that you don't miss a phish site alert.I personally use Google and
NetCraft Toolbar simultaneously with Firefox .
-
If you use NetCraft Toolbar ,it will also inform you the city where
the Bank Servers are hosted .If you live in riyad and your local bank
site is hosted in China than this is suspicious .
-
Use this page to visit the Actual Saudi
Bank Sites,spend a few minutes on each site to see how they appear.It
will help you next time when you see a phish site.
-
Use the Online resources on left hand side to know more about Phish
Scams as well as other malicious activities . Use Google Search above
to find other resources .
-
APWG (Antiphishing Working
Group) Suggest to Be suspicious of emails with urgent requests for
personal financial information.Also be alarmed of the statements that
urge you to act immediately.
-
Always Resist requests for usernames, passwords, account numbers and
other identifying information.
Beware of messages that are not personalized. Valid messages from
banks and other legitimate sources usually refer to you by name.
- Make
sure your Internet browser is up to date and that current patches
are applied.
