Friday, June 26, 2009


Phishing is a fraudulent technique in which an attacker steals the identity of a company in order to acquire the sensitive and confidential information of its customers, for example personal information such as a username or password.

Spy-phishing is a phishing technique that uses spyware programs to target online banking and other websites. The phisher normally uses spam, malicious websites, email and instant messaging to trick users into logging in to their personal accounts so that their information can be stolen. This information is then sent to the fraudster, who uses it mostly for bank and credit card fraud. This is the most common phishing tactic nowadays.

Phishing has become an increasingly serious form of fraud. As users of online applications, we must protect ourselves from falling for these tricks.

Firstly, users must verify the authenticity and security of websites. A user should log in to their account through the company's official website rather than through any hyperlink or email. Most banking websites now warn their users not to log in through any email or hyperlink and to ignore emails that require them to update their personal information. Also, never reply to any email or pop-up message from a company that asks for personal information.

Users must secure their computers with antivirus and firewall software, and ensure that all of this software is updated frequently before conducting any online activities. In addition, users are highly recommended to install online anti-phishing software. There are two types of anti-phishing software: blacklist/whitelist-based and rule-based. Blacklist/whitelist-based software warns users whenever they visit phishing sites, while rule-based software checks the security of the visited website against established rules.

Education also helps: users should be made aware of the danger of phishing. They are taught to understand what phishing is and how it can attack and endanger them. Users must also stay alert in order to identify and detect phishing emails. They may block such sites to prevent phishing attacks.
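
The two kinds of anti-phishing software described above, sketched as an added example (not code from the original post or from any real product): a blacklist/whitelist lookup, with a small set of URL rules for hosts on neither list. The lists, the brand name, the rule names and the URLs are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lists (assumptions, not a real feed).
WHITELIST = {"www.examplebank.test"}
BLACKLIST = {"login.examplebank.test.evil.example"}
BRANDS = {"examplebank"}  # brand names the rules watch for

def list_check(host):
    """Blacklist/whitelist-based check: exact host lookup."""
    if host in WHITELIST:
        return "allow"
    if host in BLACKLIST:
        return "block"
    return "unknown"

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def rule_check(url):
    """Rule-based check: return the names of the rules the URL trips."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    hits = []
    if parts.scheme != "https":
        hits.append("not-https")
    if parts.username is not None:
        hits.append("userinfo-in-url")  # text before '@' hides the real host
    if _is_ip(host):
        hits.append("ip-address-host")
    if host.startswith("xn--") or ".xn--" in host:
        hits.append("punycode-host")
    if host not in WHITELIST and any(b in host for b in BRANDS):
        hits.append("brand-on-unlisted-host")
    return hits

def assess(url):
    """List lookup first; fall back to rules for hosts on neither list."""
    host = (urlsplit(url).hostname or "").lower()
    verdict = list_check(host)
    if verdict != "unknown":
        return verdict, []
    hits = rule_check(url)
    return ("warn" if hits else "unknown"), hits
```

The list lookup only catches sites someone has already reported, while the rules can flag a never-seen URL at the cost of occasional false warnings.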

Last but not least, users can block phishing email by using anti-spam software or a spam filter. Such a filter scans the contents as well as the information of the email to determine whether the email was sent by the identified sender, thus reducing phishing attacks.

Example of a Citibank phishing email:

1 comment:

  1. I personally never use any personal information for my password.

    Because the easiest theft happens with the people that are close to you. I'm not saying that outsiders won't be able to hack your password, but it is also a good safety barrier. Especially nowadays when we publish all our personal information on our social websites, like Facebook. Which I can easily KNOW your date of birth and other personal stuff.
