CLICK HERE FOR THOUSANDS OF FREE BLOGGER TEMPLATES »

Saturday, 21 June 2008

Phishing




In computer, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.



Phishing technique was described in detail as early as 1987, in a paper and presentation delivered to the international HP Users Group, Interex. The first recorded mention of the term “phishing” is on the alt. online-service.



Phishing is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has also been used. Phishing ia an example of social engineering techniques used to fool users. Attempts to deal with growing number of reports phishing incidents include legislation, user training, public awareness, and technical measures.



An example of a phishing e-mail targeted at PayPal users. In an example PayPal phish (right), spelling mistake in e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. Other signs that the message is a fraud are misspellings of simple words and the threat of consequences such as account suspension if the recipient fails to comply with the message’s requests.



Social responses – one strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. Education can be promising; especially where training provides directs feedback. One newer phishing tactic, which uses phishing e-mails targeted at a specific company, known as spear phishing, has been harnessed to train individuals at various locations.


Technical responses – anti-phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. There are some of the main approaches to the problems, such as helping to identify legitimate sites, browsers alerting users to fraudulent websites, augmenting password logins and eliminating phishing mail.



Monitoring and takedown – several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze an assist in shutting down phishing websites.

0 comments: