
Sunday, June 22, 2008

Phishing: Examples and its prevention methods

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a website. The phishing technique was described in 1987 and its first recorded use was in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to the baits used to catch financial information and passwords.




Examples of Phishing:
In an example PayPal phish (right), spelling mistakes in the e-mail and the presence of an IP address in the link are both clues that this is a phishing attempt. A legitimate PayPal communication will always greet the user with his or her real name, not just with a generic greeting. Note that many phishing e-mails will include, as a real e-mail from PayPal would, large warnings about never giving out your password in case of a phishing attack.
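The two machine-checkable clues from the PayPal example above (a link whose host is an IP address, and a greeting that does not use the recipient's real name), as an added example that is not part of the original post. The sample message, the function names and the greeting pattern are constructed for illustration; spelling mistakes are not checked.

```python
import ipaddress
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not a real phish); 192.0.2.10 is a documentation-only address.
SAMPLE = """\
From: "PayPal" <service@paypal.example>
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear PayPal Member,</p>
<p>Please <a href="http://192.0.2.10/webscr/login.php">confirm your acount</a>.</p>
<p>See our <a href="https://www.paypal.example/help">help pages</a>.</p>
</body></html>
"""

GENERIC_GREETING = re.compile(r"\bdear\s+(\w+\s+)?(member|customer|user|client)\b", re.I)

class _Collector(HTMLParser):  # collects <a href> targets and the visible text
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def is_ip_host(url):
    """True when the link's host is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:  # not an IP literal, or a malformed URL
        return False

def phishing_clues(raw_message, real_name):
    """Return the clues found in an HTML e-mail addressed to real_name."""
    body = message_from_string(raw_message, policy=policy.default).get_body(("html",))
    if body is None:
        return []
    collector = _Collector()
    collector.feed(body.get_content())
    text = " ".join(collector.text)
    clues = [f"ip-link:{u}" for u in collector.links if is_ip_host(u)]
    if GENERIC_GREETING.search(text) or real_name.lower() not in text.lower():
        clues.append("no-personal-greeting")
    return clues
```

Calling `phishing_clues(SAMPLE, "Alice Example")` flags the IP-address link and the impersonal greeting, while the domain-name link to the help pages is not flagged.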

Another example of phishing, from eBay:



The next phishing example is a sample bogus e-mail from Citibank:

Prevention of Phishing:
1) Browsers alerting users to fraudulent websites.
This approach maintains a list of known phishing sites and checks websites against the list. Another option is switching to a special DNS service that filters out known phishing domains.
2) Helping to identify legitimate sites.
Preventing phishing depends on some reliable way to determine a website's real identity.
3) Augmenting password logins.
The website asks users to select a personal image and displays this user-selected image. Users are instructed to enter a password only when they see the image they selected.
4) Eliminating phishing mail.
Specialized spam filters can reduce the number of phishing e-mails that reach their addressees' inboxes. These filters rely on machine learning and natural language processing to classify phishing e-mails.
5) Monitoring and takedown.
Round-the-clock services are offered to those likely to suffer from phishing scams, to monitor, analyze and assist in shutting down phishing websites.
