E-com Gallery: Phishing: Examples and its prevention methods

What is Phishing?

Phishing is a computer geek spelling of the word "fishing". It is a crimeware technique used to steal the identity of a target company to get the identities of its customer. In general, phishing attacks are performed with the following four steps:
1) Phishers set up a counterfeited Web site which looks exactly like the legitimate Web site, including setting up the web server, applying the DNS server name, and creating the web pages similar to the destination Web site, etc.
2) Send large amount of spoofed e-mails to target users in the name of those legitimate companies and organizations, trying to convince the potential victims to visittheir Web sites.
3) Receivers receive the e-mail, open it, click the spoofed hyperlink in the e-mail, and input the required information.
4) Phishers steal the personal information and performtheir fraud such as transferring money from the victims’ account.

Examples of Phishing

ebay is one of the most popular phishing places. Scammers phish on ebay to obtain eBay ID’s which then are used to sell fake or non-existent goods or such accounts can be sold further in the underground market. In other words, the new owners of stolen eBay ID’s now are equipped with positive feedback, previously generated by the real owner, and are now used to scam people.

This eBay phishing email includes the eBay logo in an attempt to gain credibility. The email warns that a billing error may have been made on the account and urges the eBay member to login and verify the charges.

Citibank is currently the target of a series of phisher scams designed to steal sensitive personal information from Citibank customers. Scam emails, supposedly from Citibank, have been randomly mass mailed to thousands of Internet users. The scammers rely on the statistical probability that at least a few of the recipients will be Citibank customers and that a small number that are customers will fall for the scam.

There is no shortage of irony in the Citibank phishing example here. The attacker claims to be acting in the interests of safety and integrity for the online banking community. Of course, in order to do so, you are instructed to visit a fake website and enter critical financial details that the attacker will then use to disrupt the very safety and integrity they claim to be protecting.

Here are some tips to prevent become a victim of Phishing:

Be suspicious of any email with urgent requests for personal financial information. Do not respond to it.
Don't use the links in an email to get to any web page, if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
Avoid filling out forms in email messages that ask for personal financial information.
Don’t email personal or financial information. Email is not a secure method of transmitting personal information. Unfortunately, no indicator is foolproof; some phishers have forged security icons like the lock icon on an order form.
Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.
Use the internet to shop for an item. Then telephone your order to the vendor rather than using the so-called secure order form.
Consider installing a Web browser tool bar or anti-phishing software to help protect you from known phishing fraud websites. Perform a search engine search on "anti-phishing software" to find a product.
Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your bank and all card issuers.
Regularly log into your online accounts. Check each account every 29 days or less.
Ensure that your browser is up to date and security patches applied.
Use anti-virus and anti-spyware software and a two-way firewall, and keep them up to date.
If you believe you’ve been the victim of a phishing scam, file your complaint at Federal Trade Commission's website ftc.gov, and then visit the FTC’s Identity Theft website at www.consumer.gov/idtheft.