Saturday, June 21, 2008

Examples of phishing and ways to prevent phishing


Phishing is the process of attempting to acquire information, such as usernames, passwords and credit card details, illegally and fraudulently through the internet by creating fake websites that mislead a real company's customers into entering their details. Commonly impersonated companies include PayPal, eBay, and online banks. There are many examples of phishing e-mail, such as those shown below.


For more examples, visit the link below.

http://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/privacy_security/fraud/page/fraud_examples


Below are the methods that can prevent phishing:

Eliminating phishing mail

Specialized spam filters can reduce the number of phishing e-mails that reach their addressees' inboxes. These filters rely on machine learning and natural language processing to classify phishing e-mails.

Monitoring and takedown

Several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze and assist in shutting down phishing websites. Individuals can contribute by reporting phishing to both volunteer and industry groups, such as PhishTank.

Helping to identify legitimate sites

Since phishing is based on impersonation, preventing it depends on some reliable way to determine a website's real identity. For example, some anti-phishing toolbars display the domain name for the visited website. The pet name extension for Firefox lets users type in their own labels for websites, so they can later recognize when they have returned to the site. If the site is suspect, then the software may either warn the user or block the site outright.

Browsers alerting users to fraudulent websites

Another popular approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list. Microsoft's IE7 browser, Mozilla Firefox 2.0, and Opera all contain this type of anti-phishing measure. Firefox 2 uses Google anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy. According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company.

An approach introduced in mid-2006 involves switching to a special DNS service that filters out known phishing domains: this will work with any browser, and is similar in principle to using a hosts file to block web adverts.

To mitigate the problem of phishing sites impersonating a victim site by embedding its images (such as logos), several site owners have altered the images to send a message to the visitor that a site may be fraudulent. The image may be moved to a new filename and the original permanently replaced, or a server can detect that the image was not requested as part of normal browsing, and instead send a warning image.

Augmenting password logins

A method to prevent simple phishing of transaction numbers (TANs) is to associate each TAN with a "lock number". The bank's server sends the lock number as a challenge, and the user provides the corresponding TAN as the response. The server selects the key-lock pair randomly from the list to prevent acquiring two consecutive TANs. Lock numbers are not sequential, so that phishers can only guess correct lock numbers.
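The lock-number challenge and response described above, sketched as an added example (not code from the original post or from any bank). The class and function names, the 4-digit lock and 6-digit TAN formats, and burning a pair after a single attempt are assumptions.

```python
import hmac
import secrets


def issue_list(n=10):
    """Build n (lock number -> TAN) pairs with random, non-sequential locks.

    Constructed sample data: 4-digit locks and 6-digit TANs are assumptions.
    """
    locks = set()
    while len(locks) < n:
        locks.add(f"{secrets.randbelow(10**4):04d}")
    return {lock: f"{secrets.randbelow(10**6):06d}" for lock in locks}


class TanList:
    """Server-side state for one customer's TAN list (hypothetical class)."""

    def __init__(self, pairs):
        self._unused = dict(pairs)  # lock number -> TAN, not yet consumed
        self._pending = None        # lock number of the outstanding challenge

    def challenge(self):
        """Pick a random unused lock number; the server sends it to the user."""
        if not self._unused:
            raise RuntimeError("TAN list exhausted; issue a new list")
        self._pending = secrets.choice(sorted(self._unused))
        return self._pending

    def verify(self, lock, tan):
        """Accept only the TAN paired with the lock number that was asked for."""
        if self._pending is None or lock != self._pending:
            return False  # answer to a challenge the server never issued
        # Assumption: the pair is burned after one attempt, right or wrong.
        expected = self._unused.pop(lock)
        self._pending = None
        return hmac.compare_digest(expected.encode(), tan.encode())


if __name__ == "__main__":
    pairs = issue_list()
    server = TanList(pairs)
    lock = server.challenge()
    # A phished pair for some other lock number does not answer this challenge.
    stolen = next(l for l in pairs if l != lock)
    print("phished pair accepted:", server.verify(stolen, pairs[stolen]))
    print("correct pair accepted:", server.verify(lock, pairs[lock]))
    print("replay accepted:", server.verify(lock, pairs[lock]))
```
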

1 comment:

Anonymous said...

Wow.... we really have to beware of the risk that we may face on the net... your information makes me aware of the risk that we may not notice we are facing even though we are using it every day...