Thursday, 4 February 2010

Hook, Line, and Sinker - Don't Let Them Go Phishing


The development of mobile Internet browsing has created a surge in phishing. This is due to vulnerabilities arising from hardware limitations on devices such as the iPhone.

A typical vulnerability concerns the iPhone's Mail and Safari applications. These applications are at greater risk from URL spoofing and could permit phishing attacks against iPhone users.

The vulnerabilities were known before the release of the iPhone in June 2007.

Your account has been phished!


Phishing is the illegal act of sending an email to a recipient while falsely posing as an established, legitimate business. The sole intent of the phisher is to scam the recipient into surrendering their private information, and ultimately to steal their identity.


Does the following scenario sound familiar to you? Have you ever received an email instructing you to visit a familiar website where you are asked to update your personal information? The website requires you to confirm or update your passwords, credit card numbers, national insurance number, or even your bank account number. You recognise the business name as one that you’ve conducted business with in the past. So, you click the convenient “take me there” link and proceed to enter all the information they have requested. Regrettably, you find out much later that the website is phony, built with the sole intention of stealing your personal information. You, my friend, have just been “phished”.

It has become increasingly difficult to spot an email phishing for information. At an initial glance, the email may appear to be from a legitimate company. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail. The clickable blue link even appears to take you to the company's website, when in fact it leads to a bogus website built to replicate the legitimate site.

Don't forget that the majority of these people are professional criminals. They will spend the time and effort perfecting the authentic look. Using common sense while surfing the Internet can sometimes be difficult. As web design and coding get more sophisticated, it remains difficult for the average user to spot the bogus site.

Users need to check all emails requesting personal information carefully. When passing judgment, remember that the "From" field can be easily altered by the sender. While it may look like it is coming from a .com you do business with, looks can be deceiving. Keep in mind that the phisher will go all out in trying to convince the victim that this is the genuine article. Phishers will spend time making the email and website look as legitimate as possible. They will even copy logos or images from the official site to use in their emails. Ultimately, they like to include a clickable link that the recipient can follow to conveniently update their information.

The simplest way to check the legitimacy of a link is to point at it with your mouse without clicking. Then, look in the bottom left-hand corner of your screen. The actual website address to which you are being directed will show up for you to view. It is a very quick and easy way to check whether you are being directed to a legitimate site.

Last but by no means least, you should follow the golden rule: legitimate companies will never request sensitive information via email. Unless you have requested the email, you are strongly advised not to click the links within the text of the e-mail, and always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash folder in your e-mail accounts as well.

If you are genuinely concerned about missing an important notice regarding one of your accounts, type the full URL of the website into your browser yourself. Then you can have confidence in knowing that you are being directed to the true and legitimate website.

Phishing Facts

· It is estimated that a staggering 59 million phishing e-mails are sent each day

· About 1 in 6 phishing emails are opened

· Estimates from the U.S. tell us that around 109 million adults received phishing e-mail attacks in 2006, compared with 57 million in 2004.





1 comments: on "Hook, Line, and Sinker - Don't Let Them Go Phishing"

Endra Jaya said...

Just curious, what is the difference between spam email and phishing email?
