Friday, June 26, 2009

Phishing: Examples and Prevention Methods


Do you know what “phishing” means? Yes, it sounds like “fishing”, but the two words mean different things. Fish are the target of “fishing”, while “phishing” targets our personal, private data!

Definition: the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Here is an example of a phishing email:

Phishing is dangerous because our personal information can be used to do wrongful things, or we may even lose our money. To prevent this from happening, there are several ways to avoid it:

Check the grammar and the sentences of the email
Normally, phishing emails are sent in bulk. Therefore, you should take note when you get an email addressed to “Dear Valued Customer”. Besides, a formal email is normally free of grammar mistakes (a company would not make such mistakes and spoil its own name). Therefore, when you notice grammar mistakes in an email, beware of it.

Compare the link address before clicking on it
When you receive an email that requires you to fill in your information by clicking through to a website, compare the link address written in the email with the actual link that you would be taken to. The browser shows the actual destination, normally at the bottom left of the window, when you hover the mouse over the link. If the two addresses are different, do not click on the link; it might lead to a phishing website that is trying to trick you.

Verify the e-mail with the original website
You can forward the email to the original website, or call their service centre, and ask them to verify whether the email really came from them.

Go directly to the original website to proceed with the steps
If you think that verifying with the original website is troublesome, you can go directly to the original website and proceed with the steps there. By doing it this way, you will not land on the phishing website, and you will find out if the original website did not actually require you to do so.

Check the link address with 3rd party – PhishTank
PhishTank (www.phishtank.com) is an online database that stores numerous phishing website addresses. When you suspect that an email might lead to a phishing website, copy the link address and paste it into this website to ask them to verify it for you. The website will then check the address against their database. If they cannot find it in their database, they will try to access the website and verify for you whether it is a phishing website.

Install online anti-phishing software
Use online anti-phishing software to verify the website for you, for instance, ScamBlocker, PhishBlocker, and TrustWatch.

There are many ways to avoid being tricked, but the most important is to be careful and not to trust an email easily. Get smart before getting tricked.

Additional Information:
- Alert: Watch Out for "Phishing" Emails
- Example of phishing
- Wikipedia explanation about phishing
- PhishTank

2 comments:

  1. People can steal our data and sell it to some marketing company to conduct surveys... so it is important for us to protect private data

  2. Yup, the most effective way to prevent being cheated or being "phished" is to not trust ANYONE; just go directly to the original website that you often go to, haha. This way, no one can scam you (unless they use software to steal it... but this is not the problem discussed in this post =P)
