Thursday, March 01, 2007

What is Phishing?


We can define phishing as web forgery, or a kind of spyware, that steals your personal identity data (such as user accounts and passwords) and your financial account credentials (such as credit card and bank account information). Phishing is generally carried out using e-mails, instant messages and phone calls.

Recently I got an email message from E-Bay with the subject Power Seller, like this:

Dear E-Bay Member,

Congratulations. Your recent selling activity entitles you to Silver Status in the E-bay Power Seller program. Your Membership comes with some great benefits and services.

Download free business templates for Power Seller business cards and letter letterhead.

Sign up today. It's free. Visit www.ebay.com/powerseller(link) and click your Member Sign In.

Again congratulations and best wishes for your continued success

Sincerely
E-Bay Power Seller Team

The above is an example of a phishing email. E-Bay gives Power Seller status only to the best trusted sellers. It won't give Silver Status to every member. Also, this mail has not addressed me personally; it has addressed all E-Bay members. I also kept the cursor on the link given by them and checked it on the status bar. The two website addresses are not the same. One more important thing is that I never sell anything on the E-Bay site.

So this is a forged site of E-Bay. If you click their link, it will take you to the forged site. The forged site looks the same as the original E-Bay site. If you sign in to your E-Bay account from their site, they will steal your username and password.

So be careful about this type of email linking to forged sites. Also remember that no site will ask about your account details or account verification.

Some more E-Bay Phishing messages have the following subject lines:

UpdateYour Account
eBay Verify Accounts
eBay: Account Violate User Agreement
Account Verification
Update or verify your account informations
Account Suspension Notice - Section 9
New and improved account protection
Security Check
Billing Issues
Update Your Billing Informations
Your account at ebay has been suspended
eBay Security Center Urgent eBay Account Update
Ebay(R) Re-Activation Unit
eBay account verification needed
Your eBay Account Must Be Confirmed
Fraud investigation

Some MSN Phishing messages have the following subject lines:

Microsoft Network customer data verification
Warning Message
Your membership will be cancelled
Account Verification
current network critical patch
MSN HOTMAIL Account Verification

Some Yahoo Phishing messages have the following subject lines:

Important Information Regarding Your Account
E-mail account security warning

Recently phishers have been targeting banks. If you click the links in their messages, they will take you to forged banking sites. The forged sites look the same as the original bank sites. If you enter your username and password, the phishers steal them and will withdraw all of the money from your bank account. Banking phishing messages also have subject lines like the E-Bay subject lines. So be careful when you enter your online bank details.

Now all of the banks are displaying alert messages on their sites, like the one below.

Uti Bank alert message

In case you have received any e-mail from an address appearing to be sent by UTIBANK, advising you of any changes made in your personal information, account details or information on your user id and password of your netbanking facility, PLEASE DO NOT RESPOND. It is UTIBANK's policy not to seek/send such information through email. If you have already disclosed your password please change it immediately.

Phone Phishing

In phone phishing, users get a phone call from a (fake) bank. The callers tell users to dial a phone number regarding a problem with their bank account. Once the users dial the number, the phishers tell them to enter their account numbers and PIN. If you enter those details, your money will be stolen by the phishers.

Every month, phishers send 6 billion phishing emails worldwide. Be careful with email messages from E-Bay, banks, PayPal and credit card companies.

Take the following precautionary steps while browsing.

1. The latest browsers, like Internet Explorer 7.0, Firefox 2.0 and Opera 9.10, have phishing filters. Use any of these browsers. They will alert you when you click a link to a forged site. The phishing filters in all of the above browsers work very well.

2. Don't respond to emails asking about your account details, account verification, credit card details, credit card verification, etc.

3. Don't download any attachments or files (including HTML files) from suspected phishing messages. These files can contain viruses or Trojan keylogger spyware, which steal your personal data and financial account credentials such as credit card and bank account information.

4. Take a free phishing test at the following site. The site will display 10 messages from world-famous companies, one by one. You have to examine each message and tick whether you think it is a phishing message or a legitimate message. After you complete the 10 questions, they will explain why a particular message is phishing or why it is legitimate. You will understand phishing better after completing the phishing test.

Free Phishing test

You can also get plenty of information on phishing by visiting the PhishTank site.