Thursday, July 9, 2009

Phishing: Examples and Prevention Methods


Have you ever received an e-mail or SMS with the subject "to restore subject to your bank account" that asks for your personal information and passwords?

The e-mail or SMS you received might be a scam, usually known as phishing in the field of computer security. Phishing is defined as the criminally fraudulent process of attempting to acquire a person's personal information, such as a user name, password or credit card information. It is usually carried out through e-mails or SMS messages that direct users to key in their personal information on fake websites. The fake websites are almost identical to the real ones, and it is usually difficult for ordinary users to tell whether a site is real or fake.

"Phishing originated from a combination of fishing and phreaking"

Examples of phishing.

(i) Link Manipulation


One example of phishing is link manipulation. The phisher uses the website of a well-known organization to trick its prey. The most common method of link manipulation is the misspelled URL. For example, the original Maybank website is www.maybank2u.com.my; the phisher might create another link, www.maybank4u.com.my. Most first-time users will not be able to identify whether the website is real or fake.



Note: The URL is not linking to Myspace.com
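A mail filter can catch both tricks described in this section: a host name that is a near miss of the genuine one, and link text that shows one address while the link points to another. The following is an added example, not part of the original post; the allowlist `GENUINE_HOSTS`, the distance threshold, the function names and the sample mail body are all assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: the organisation maintains its own list of genuine host names.
GENUINE_HOSTS = {"www.maybank2u.com.my"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Lower-cased host name of a URL; a bare 'www.example.com' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").rstrip(".").lower()

def classify_host(host: str, max_distance: int = 2) -> str:
    """Return 'genuine', 'lookalike' (near miss of a genuine host) or 'unknown'."""
    if host in GENUINE_HOSTS:
        return "genuine"
    if any(edit_distance(host, g) <= max_distance for g in GENUINE_HOSTS):
        return "lookalike"
    return "unknown"

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def audit_links(html: str) -> list:
    """Return (href_host, verdict, text_mismatch) for each link in an HTML mail body."""
    findings = []
    for href, text in LINK_RE.findall(html):
        target = host_of(href)
        # Only compare when the visible text itself looks like an address.
        looks_like_url = re.match(r"\s*(https?://|www\.)", text, re.I)
        shown = host_of(text.strip()) if looks_like_url else ""
        findings.append((target, classify_host(target), bool(shown) and shown != target))
    return findings

# Constructed sample mail body (not a real message).
SAMPLE = (
    '<p>Dear customer, <a href="http://www.maybank4u.com.my/login">'
    'www.maybank2u.com.my</a> or <a href="https://www.maybank2u.com.my/">log in</a></p>'
)

if __name__ == "__main__":
    print(audit_links(SAMPLE))
```

A link flagged as `lookalike`, or one whose visible text names a different host than its target, is a candidate for quarantine or a user warning rather than proof of fraud.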

(ii) Social engineering

Some phishers also use a bank's name and logo to send an e-mail asking the user for personal information, but the e-mail actually links to the phisher's website. The bank's customers might think that the link was actually sent by the bank, so they fill in their private information as requested by the phisher.


(iii) Phone Phishing

The phisher might also use SMS messages that claim to be from a bank and ask the receiver to dial a phone number regarding their bank account. The phisher might also use a fake caller ID so that the prey believes the message actually came from a trusted organization.

Prevention Methods.

(i) Social Responses

The government should educate and inform the public about phishing cases and methods. This can prevent the same cases from repeating. For example, when you go to the bank, you can usually see notices that state "The bank would not request private information from the user".

Besides that, citizens should also change their browsing habits. Instead of following hyperlinks, users should find the genuine website on their own to avoid phishing links.

(ii) Eliminating Phishing Mails

Spam filters are now available for download on the internet. They can help to identify phishing mails and automatically delete them once detected.

(iii) Monitoring and Takedown

Individuals who find phishing websites can report them to industry groups such as PhishTank so that the fake websites are taken down.

(iv) Browsers Alerting to Fraudulent Websites

Web browsers nowadays, such as Internet Explorer, Mozilla Firefox, Safari and Opera, provide the user with fraudulent-website alerts. When the browser detects a phishing link or website, it alerts the user. Therefore, when you open any new website, be sure to check whether the web browser has given any alert.

