UBAI3013 E-COMMERCE
Bachelor of Business Administration (HONS) Entrepreneurship

Tutorial Group 1
Lecturer: Ms. Kang Chye Mei
Tutor: Ms. Chin Wai Yin

Thursday, June 25, 2009

Phishing: Example and its prevention method

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. A phishing technique was described in detail in 1987, in a paper and presentation delivered to the International HP Users Group, Interex. The first recorded mention of the term "phishing" is on the alt.online-service.America-online Usenet newsgroup on January 2, 1996.




An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Such mistakes are common in most phishing emails. Also note that although the URL of the bank's webpage appears to be true, it actually links to a phisher's webpage.
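The last point in the caption, a link whose visible text shows the bank's address while its real target is somewhere else, can be checked mechanically. The Python sketch below is an added example, not part of the original post; the sample message, the host names and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body; every host here is a documentation placeholder.
SAMPLE_HTML = """
<p>Dear customer, please confirm your account at
<a href="http://203.0.113.7/trustedbank/login">https://www.trustedbank.example/login</a>
or read our <a href="https://www.trustedbank.example/help">help page</a>.
Terms: <a href="https://www.trustedbank.example/terms">www.trustedbank.example/terms</a></p>
"""

# Visible text counts as "URL-looking" if it starts with an optional scheme and a dotted host.
URL_LIKE = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[:/?#]|$)", re.I)

def shown_host(text):
    """Host named in the visible link text, or None if the text is not URL-like."""
    text = text.strip()
    if not URL_LIKE.match(text):
        return None
    if "://" not in text:
        text = "http://" + text  # let urlsplit parse a bare "www.site/path"
    return (urlsplit(text).hostname or "").lower() or None

class LinkAuditor(HTMLParser):
    """Collects (displayed host, real host) pairs for links where the two differ."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:  # only collect text inside an <a> element
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = shown_host("".join(self.text))
            actual = (urlsplit(self.href).hostname or "").lower()
            if shown and shown != actual:
                self.findings.append((shown, actual))
            self.href = None

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Links with ordinary wording such as "help page" are skipped, because only text that itself looks like an address can mislead the reader about where the link goes.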


There are several ways to prevent phishing attacks:


  • First, do not use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle. We can call the company on the telephone, or log into the website directly by typing the Web address into our browser.

  • Second, avoid filling out forms in email messages that ask for personal financial information. We should only communicate information such as credit card numbers or account information via a secure website or the telephone.

  • Next, we should always ensure that we are using a secure website when submitting credit card or other sensitive information via our Web browser. This is because phishers are now able to 'spoof,' or forge, BOTH the "https://" that we normally see when we're on a secure Web server AND a legitimate-looking address. We may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.

  • Fourth, we can install a Web browser toolbar to help protect us from known fraudulent websites. These toolbars match where we are going against lists of known phisher Web sites and will alert us. For instance, the newer Internet Explorer version 7 includes this toolbar, as does Firefox version 2, and we can install either to protect us.

  • The fifth way is to regularly check our bank, credit and debit card statements to ensure that all transactions are legitimate. If anything is suspicious or you don't recognize the transaction, contact your bank and all card issuers.

  • The next method is to always report "phishing" or "spoofed" e-mails to the following groups: reportphishing@antiphishing.org, the Federal Trade Commission at spam@uce.gov, and the "abuse" email address at the company that is being spoofed. Also notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/

  • Besides that, we can also use a social response to prevent phishing attacks, which is to train people to recognize phishing attempts and to deal with them. Education can be effective, especially where training provides direct feedback. For example, one newer phishing tactic, which uses phishing e-mails targeted at a specific company, known as spear phishing, has been harnessed to train individuals at various locations.

Sources:

http://www.antiphishing.org/consumer_recs.html

http://en.wikipedia.org/wiki/Phishing


