Wednesday, August 02, 2006

Phishing or Password harvesting - A computer crime

Phishing, also called carding or brand spoofing, is a term for 'fishing' for users' financial information or passwords.

Phishing is a computer crime in which phishers fraudulently acquire sensitive information such as credit card details and passwords. Phishing is carried out using fake emails or instant messages, where the phisher masquerades as a trustworthy person or business like a bank or an online organization such as eBay or PayPal.

The fake email directs the user to a bogus website (set up to steal the user's information) where the user is asked for personal information such as passwords, credit card details, social security numbers and bank account numbers. The messages look quite authentic, featuring corporate logos and formats similar to those of the legitimate messages.

How to identify phishing messages

1. Emails containing spelling mistakes or bad grammar.
2. Lack of personal greeting.
3. Misspelled URLs or the presence of subdomains.
4. The presence of the '@' symbol in the URL. Most browsers tend to
ignore all characters preceding the @ symbol. So a web address such as
http://www.PayPal.com@mysite.com may look like a page of
PayPal but will take you to mysite.com.
5. Presence of an IP address in the link.
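
The URL checks in items 3 to 5 can be automated. The Python sketch below is an added example, not part of the original post; the label threshold and every sample URL other than the PayPal one above are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts with more labels than this are treated as subdomain-heavy.
# This is a heuristic; some legitimate hosts will exceed it.
MAX_HOST_LABELS = 4


def url_warning_signs(url):
    """Return the checklist warning signs (items 3 to 5) found in a link."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    signs = []

    # Item 4: text before '@' is user info, not the site; the real host follows it.
    if "@" in parts.netloc:
        shown = parts.netloc.rsplit("@", 1)[0]
        signs.append(f"'@' in URL: shows '{shown}' but goes to '{host}'")

    # Item 5: the host is a raw IP address instead of a name.
    try:
        ipaddress.ip_address(host)
        signs.append(f"IP address used as host: {host}")
        return signs  # label counting below does not apply to IP addresses
    except ValueError:
        pass

    # Item 3: many subdomains can bury the real domain at the end of the host.
    if host.count(".") + 1 > MAX_HOST_LABELS:
        signs.append(f"many subdomains in host: {host}")
    return signs


if __name__ == "__main__":
    samples = [  # constructed sample links
        "http://www.PayPal.com@mysite.com",
        "http://192.0.2.10/login",
        "http://www.paypal.com.account.example.net/",
        "https://www.paypal.com/",
    ]
    for link in samples:
        print(link, "->", url_warning_signs(link) or "no URL warning signs")
```

A link with no warning signs here can still be a phishing link; a misspelled domain, for instance, is not something these three checks can see.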

How to avoid getting phished

* Do not reply to emails or pop-up messages asking for personal
info. Do not click on the link in that message either.
* Use updated anti-virus software and a firewall. The anti-virus will
protect you from accepting unwanted files containing software that can
harm your computer or track your activities on the Internet without
your knowledge.
A firewall will make you invisible on the Internet and block all
communications from unauthorized sources.
* Do not email personal or financial information.
* Regardless of who sends them, be cautious of opening any attachment
or downloading any files from emails.
* Look for the 'lock' icon on the browser's status bar for a secure
website.
* Install anti-phishing software. It can be got for free at
www.Gralicwrap.com
* Review credit card and bank statements as soon as you receive them
and check for unauthorized charges.

Last but not least, forward emails phishing for information to
spam@uce.gov and to the company, bank or organization which is being impersonated. Also, file your complaint at
www.ftc.gov if you believe that you've been scammed. Remember, victims of phishing can become victims of identity theft.