Phishing(2)

=Phishing=

“Phishing”: no, it's not a typo or a new kind of sport that bears any similarity to fishing. Phishing is a new term that has emerged in the past few years and mainly deals with computers. Microsoft has described this term as “a type of deception designed to steal your identity” (Microsoft). Basically, phishing is similar to actual fishing, the only difference being that the medium (rod and hooks) is the computer and the Internet, and the fish are ordinary consumers. The price for getting caught in one of these scams can be very severe, ranging from losing money and important information to serious identity theft and misuse.

=How it works=

The main tool in phishing is the Internet. First, a fraudulent email is sent to users, and this email usually copies the identity of a popular and reputable company. For example, a con artist might send an email and mask it as though it were coming directly from a financial institution, credit card company or any other firm that deals with personal information. The email usually contains all the vital visual cues, like the logos and format of the copied company. Once users notice these cues, they usually assume that the email is authentic and comes directly from the original source. Most of these emails are sent to extract information from the user, and this is only possible if the user manually enters it and sends it back. To create that kind of scenario, the con artists usually claim that the credit card was used illegally or that money was withdrawn suspiciously from the user’s bank account. The emails also usually state that in order to stop the illegal transactions, the user will have to log into the system and enter or confirm all his details, or just reply to the email with all the personal details.

Some emails even go so far as to include a link to a fraudulent look-alike website that looks identical to the actual site. “These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.” (Microsoft). Once vital information is submitted through one of these spoofed sites, the con artists have it and can use it in any way they want.

=What are its effects?=

As mentioned before, the effects depend on the amount and type of information that the user gives out. If vital information regarding bank accounts and credit cards is given out, that can cause a major loss of capital, but it is still not as severe as the loss of personal information like a Social Insurance Number or Health Card. Thus severity depends on the user and the abuser.

It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately $929 million USD. U.S. businesses lose an estimated $2 billion USD a year as their clients become victims. The United Kingdom also suffers from the immense increase in phishing. In March 2005, the amount of money lost in the UK was approximately £12 million GBP. (Wikipedia)

=How can you stop it?=

Generally speaking, phishing is not something that can be easily unmasked, but following certain rules and observations makes it a little easier. In addition to these rules, the FTC (Federal Trade Commission) has posted some tips and hints for consumers regarding phishing and how to stay safe. __**Stated below are the tips directly copied and pasted from the FTC website**__ __**//(this is not original work but replication from the main website)//**__:
 * 1) Always conduct business and financial transactions on a secure server. This is usually characterized by **__HTTPS__** instead of the usual **__HTTP.__**
 * 2) Never enter any private information in a pop-up; always conduct transactions within a website.
 * 3) Always keep yourself and your computer updated and protected. It always helps to know what bugs, viruses or epidemics are going on outside your computer.
 * 4) Check the security certificate of the website. Secure sites usually have a lock icon in the status bar.
 * 5) Check suspicious links by rolling your mouse over them. Sometimes during a mouse-over, the true link or website might get revealed.
 * **If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either.** Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.
 * **Use anti-virus software and a firewall, and keep them up to date.** Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
 * **Don’t email personal or financial information.** Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
 * **Review credit card and bank account statements as soon as you receive them** to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
 * **Be cautious about opening any attachment or downloading any files from emails** you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
 * **Forward spam that is phishing for information** to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
 * **If you believe you’ve been scammed, file your complaint at ftc.gov**, and then visit the FTC’s Identity Theft website at www.consumer.gov/idtheft. Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.

References:

“Help prevent identity theft from phishing scams” Microsoft.com. 10 Feb. 2006, available at http://www.microsoft.com/athome/security/email/phishing.mspx and consulted on 25 Feb. 2006.

“Phishing” Wikipedia.com. 12 Jan. 2004, available at http://en.wikipedia.org/wiki/Phishing and consulted on 25 Feb. 2006.

“How Not to Get Hooked by a ‘Phishing’ Scam” June 2005, available at http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm and consulted on 25 Feb. 2006.

Image courtesy of the Microsoft Network and is available at http://www.microsoft.com/athome/security/email/phishing.mspx