Message received by an eBay member:
This genuine-looking email is a masquerade. As soon as you click on "Respond", you are directed to an exact clone of eBay and your personal information is stolen. These messages come in different styles and wordings. Go manually to ebay.com and check your private messages there, and you will see whether it's real or not.
The second message received by an eBay member:
This message requests that you fill out all your personal data, PIN code, et cetera. You would have to be pretty naive to fill in this form and send it back. The next thing you know, your account is emptied, checks are written, or some crook has done some lavish shopping with your account or credit card.
Case 2: Bank of the West
This is the mail one receives:
A client-conscious bank would never send an email like this. But to the unsuspecting, law-abiding, inexperienced netizen it might look like a legitimate request. The phisher exploits the client's fear of having the account emptied or at least suspended.
To prevent phishing attacks:
- Use a firewall and anti-virus software to protect your computer.
- Review websites' SSL certificates and your own bank and credit card statements for an extra measure of safety.
- Run continuous, periodic exercises for all users in which they experience safe phishing.
- Universal two-factor authentication.
- Implement verification tools such as secret images and/or challenge questions. Secret images work by having a user select one or more images in advance. The images are known only to the customer and the authenticator. The site shows these images to the end user, who should be instructed that when the image is not present the site is NOT legitimate, and to contact a customer service rep as soon as possible. Challenge questions work by having a user select multiple secret questions in advance that only the customer and the authenticator are aware of.
- Log information such as IP address, location information, and computer fingerprints to uniquely track any device accessing or changing customers' data online.
- Do not mass e-mail your customer base with web links directed to your site or any other website. Doing so teaches your customer base to accept opening web links and to assume trust. This will open you up to phishing attacks in the future.
- Never email confidential information to ANYONE.
- Change your passwords every 90 days.
- Never click on a link within an email. Always type in the main address of the site yourself and navigate to the login page via its menu.