Phishing is the criminally fraudulent process of attempting to acquire important information such as usernames, passwords and credit card details. For example, the hacker/cracker will send e-mail or instant message ask users to update their personal information such as credit card number and bank account number.
Example of phising
Sample 1: Look like a message from eBay's payment system PayPal.
Figure 1.1 Example receipt of Ebay – Paypal
When the users click on the link, the users are re-directed to sample 2. At the sample 1 looks like the PayPal website, but when the users check the address at the top the users will see that the people who want users email address and PayPal password are hiding behind some obscure site.
Sample 2: Look like a message from eBay's payment system PayPal.
Some prevention methods for phishing
- While the users receive any email from the bank ask users verify their account information, and then the users must check the sender of the email. When the email address is not the domain of a legitimate bank, then it is certain that email is a phishing.
- The users do not follow a click here link in the email. The phishing emails usually have a ‘Click here to re-enter user information’ kind of link that leads to an illegitimate website.
- The users must check contract information provided in the email. It is because have a lot of phishing emails contain fake contract information that would just serve users into their hands.
- The users must check the information about users provided in the email. Hacker/cracker is getting better and better at obtaining users information.
No comments:
Post a Comment