
What is Phishing?
Phishing is a form of fraud in which unauthorized parties use fake e-mail messages and fake websites imitating those of financial organizations to obtain confidential personal information from users, such as the EMBG (the unique citizen identification number), usernames, PIN numbers and so on. Unfortunately, a large number of users are not familiar with this type of fraud. Once the malicious senders get hold of the confidential data, they either use it themselves or sell it. The messages usually link to fake web pages whose appearance exactly matches the web pages of legitimate companies.
The most common forms of phishing are:
- A false warning from a bank or other financial organization, asking the user to provide personal information in order to prevent the account from being terminated.
- Scams on auction websites, in which the user is persuaded to pay a certain amount of money for a product; thinking that he is buying the product, the user in fact makes a payment to a fake account.
- A fake message from an administrator asking for user data, such as a password.
- Various notices trying to extort money for fake charities.
- Messages that entice the user to pay a certain amount of money to a fake account (for example, a message about a drastic reduction in the price of a product that can only be purchased on the Internet).
- Messages informing you that you have won a lottery and that your personal information is needed in order to claim the prize.
How to recognize a phishing message?
Fraudsters often copy the visual appearance of the genuine websites of banks and other companies. Lately, fake messages appear completely identical to the originals, but certain details give the fraud away:
- Spelling and grammatical errors;
- Personal data is requested;
- The installation of a program that supposedly fixes a discovered security flaw is required;
- Fake links and messages;
- SSL and a digital certificate are not used;
- The content of the message is an HTML template;
- Unrealistic promises;
- Errors in the message subject;
- An immediate response is required;
- The message is not addressed to a specific person.
The scammer’s motive
When fraudsters get their hands on users' personal data, they use it in a variety of ways. Although some will be satisfied with the fact that they have defrauded the user, most of them want to make a financial profit. If a fraudster gets hold of credit card or bank account numbers, they can use them themselves or sell the information to others. Less sensitive data (such as e-mail addresses, names, EMBG) can also be used and sold to interested parties. It is especially dangerous when malicious senders obtain account and password data, because they can then commit various criminal activities on the Internet in the name of the deceived users.
How to protect yourself from phishing?
- Never respond to e-mails that ask for personal information – financial institutions already have your information, and it is unlikely that a reputable company will ask for your personal information via e-mail;
- Never follow (do not click on) links to suspicious web pages – such links are usually part of a suspicious e-mail;
- Never follow links if you are not sure who sent them – a digital signature is useful for verifying the sender;
- Use a spam filtering program – these programs reduce the unwanted messages that most users receive on a daily basis;
- Use an antivirus program – these programs recognize malware, which can also be used to collect personal data;
- Use a personal firewall – so that you can monitor traffic to and from the Internet and gain insight into possible suspicious activity;
- Use antispyware software;
- Regularly update the software you use;
- Keep track of your account balance;
- Use good passwords and change them often – good passwords consist of a combination of uppercase and lowercase letters, numbers and special symbols, which makes them difficult to crack;
- Check whether the website uses the HTTPS protocol – the web addresses of financial institutions should start with https:// instead of http://; double-clicking the padlock icon lets you check the digital certificate;
- Stay up to date and follow information about phishing on the Internet.
Examples of phishing
1. A fake eBay notice:
Dear eBay member,
As part of out continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a periodic review of out member accounts.
You are requested to visit our site by following the link given below http://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll?UpdateInformationConfirm&bruser=1
Please fill in the required information.
This is required for us to continue to offer you a safe and risk free environment to send and receive money online, and maintain the eBay Experience.
Thank you,
Accounts Management

As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit the Privacy Policy and User Agreement if you have questions.
Copyright © 1995-2003 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy.
2. In the PayPal phishing example, you can see typos in the e-mail and an IP address in the link, which is a sure sign of phishing.
3. In this example, aimed at SouthTrust Bank customers, the fraudster used an image to get past anti-phishing filters, which are programmed to scan only the text of a message.
From: SouthTrust <support_id_99583160@southtrust.com>
Subject: SouthTrustBank: Important Notification
Date: Thu, 16 Jun 2005 23:56:30 -0200 (22:56 BRT)
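The tell-tale signs listed under "How to recognize a phishing message?" and the IP-address and image-only tricks from examples 2 and 3, turned into a small detector that a mail gateway or an analyst could run over a raw message. This is an added example, not code from the original page; the patterns, the 20-word threshold and the sample lure are my own assumptions, and the link extraction assumes simple `<a href="...">text</a>` anchors.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Heuristics mirroring the signs listed on the page; patterns and thresholds are assumptions.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
DOMAIN_LABEL = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?", re.I)
GENERIC = re.compile(r"\bdear\s+(?:\w+\s+)?(?:customer|member|user|client)\b", re.I)
URGENT = re.compile(r"\b(?:immediately|within 24 hours|suspended|terminated)\b", re.I)

def phishing_indicators(raw: str) -> list[str]:
    """Return the page's phishing signs found in a raw e-mail (HTML body assumed)."""
    msg = message_from_string(raw)
    # Use the first text/html part; for a single-part message walk() yields msg itself.
    part = next((p for p in msg.walk() if p.get_content_type() == "text/html"), msg)
    body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    text = re.sub(r"<[^>]+>", " ", body)          # what a text-only filter would see
    found = []
    for href, label in ANCHOR.findall(body):
        u = urlparse(href)
        host = (u.hostname or "").lower()
        if IP_HOST.match(host):                      # raw IP address instead of a domain
            found.append(f"ip-address link: {href}")
        if u.scheme == "http":                       # no SSL/HTTPS on the link target
            found.append(f"no https: {href}")
        m = DOMAIN_LABEL.fullmatch(label.strip())
        if m and host and m.group(1).lower() != host:   # displayed URL differs from real target
            found.append(f"link text says {m.group(1)} but points to {host}")
    if GENERIC.search(text):
        found.append("generic greeting, not addressed to a named person")
    if URGENT.search(text):
        found.append("demands an immediate response")
    if re.search(r"<img\b", body, re.I) and len(text.split()) < 20:
        found.append("image-only body that text filters cannot read")
    return found

# Constructed sample lure modelled on the PayPal example (not a real message);
# 192.0.2.10 is a documentation address, not a real attacker host.
SAMPLE = """\
From: PayPal <service@paypal.example>
Subject: Your account has been limited
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear PayPal member,</p>
<p>Your account will be suspended unless you confirm your details immediately.</p>
<p><a href="http://192.0.2.10/cgi-bin/webscr">https://www.paypal.com/cgi-bin/webscr</a></p>
</body></html>
"""
```

Running `phishing_indicators(SAMPLE)` reports five signs for the constructed lure (IP-address link, plain http, mismatched link text, generic greeting, urgency), while a plain message with a named greeting and an honest link reports none.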

