In the world of computers, phishing has become big business. Phishing, or attempting to gather information of a more sensitive nature such as logins, passwords, credit card or bank account details, has become far more prevalent today than it ever was.
Phishing is technically, just one more example of social engineering techniques that are used to trick a user into offering up their information to make it easier for the phisher to gather it.
The most recent attempts at phishing have been geared toward online banks and payment services consumers, and use emails which are purportedly from those services, or from the IRS (Internal Revenue Service) to gather information.
The emails now have begun to be targeted specifically at customers of a given bank or payment service and because they are more specific, have been given the new nomenclature-Spear Phishing.
One prevalent place that phishers will target are social networking sites, because such sites can be used to gather enough information to permit an identity theft. Nearly have of all phishing thefts between 2006 and 2007 appear to have initiated by groups doing business through the Russian Business Network which is based in St Petersburg.
There are several ways to combat phishing schemes, but the best way is education. Train the computer user, and particularly the novice user, to recognize phishing schemes for what they are and to avoid them.
Since most phishing is based to some degree on the impersonation of either a site, or a person who is in charge of that site, preventing it means finding some reliable method of determining a sites real identity.
One example is that some anti-phishing toolbars currently in use, show the domain name for the site you are currently visiting, permit you to add a nick name to it so that yo will know when you are visiting the same site again.
A general rule of thumb is that if an email comes with a banking or online payment site link, regardless of whether you believe that link is fraudulent or genuine, don't use it. Manually type in the url to the company that you use and investigate whether or not that site has asked for you to login or submit some survey or what have you, by checking your administrative messages once you are assured that you are on the genuine site.
Under no circumstances click on the link in the email, because having done so, there are times when your personal information is compromised simply by clicking the link.
If by some chance you do click the link and arrive at the suspect site, DO NOT enter information into the sites login, as those keystrokes are usually captured to permit the phisher to log into your genuine banking or online account site.
Abdul Hayi Mansoor, SEO Consultant Specialist, frequently writes informative articles about variety of topics including IT security issues.
Article Source: http://EzineArticles.com/?expert=Hayi_Mansoor
No comments:
Post a Comment