Phishing, in practical terms, is an attack used by hackers to gain access to private information such as credit card numbers, social insurance numbers and user passwords. Rather than breaking down a physical or technological barrier, phishing is a social engineering attack where targets are typically duped into providing this information directly to false versions of legitimate websites run by the hackers. Personal information can then be used for fraudulent purchases, resale to third parties and even identity theft. While there are no universal statistics on the number or nature of phishing scams, most security websites agree on the following:
- Financial services is the most targeted industry sector overall
- PayPal, eBay, Amazon and the major banks are the most targeted companies
- North America is both the primary target audience and the region where the largest number of phishing sites are hosted
- Websites are by far the most popular portals through which to gather information, although an increasing number of phishing scams instruct targets to call a telephone number
Below are screenshots from a phishing email I recently received. Have a look at the warning signs:
Subject Line implies user information is outdated
The subject line typically implies that your user information or financial particulars need to be manually updated.
Incorrect recipient address information
Incorrect addresses include:
- Name spelled incorrectly
- Incorrect email address that mysteriously reaches your inbox
- Email is addressed to multiple recipients
The email sent to me had the wrong address but the correct domain, which made it worth obscuring for the purpose of this tutorial.
Phishing scams rarely know the real names of their targets and tend to rely on general greetings like “Dear user –”.
The email could imply that updating user information is mandatory for the user or that the same email was sent to all users for the company being spoofed.
Hyperlinks in email messages should be distrusted in general, but long and convoluted hyperlinks like the one above should cause heightened suspicion. As you can see, the URL ends in a .dll file, which is very irregular. Also, this apparent “eBay link” has a very long URL that contains what appears to be a randomly generated number. This is a sign that the URL itself is temporary and automatically generated so as to stymie anti-phishing efforts by police and corporations. URLs containing a raw IP address (e.g. 220.127.116.11) are also a strong indicator that the email is not legitimate.
No offer of additional information
There is no FAQ URL or contact phone number for users wanting to inquire about privacy concerns or why personal information needs to be updated.
Warnings from email client
A well-designed email client can detect many of the irregularities listed, as well as check for suspicious points of origin (e.g. spoofed emails) and links to insecure servers. In this case, Thunderbird has cautioned that the URL does not in fact lead to a subdomain of ebay.com as the email displays, but rather to an unknown website in Hong Kong.
Warnings from web browser
If for some reason you actually clicked on the URL in spite of the previous warnings, your web browser might give yet another warning. In this case, Firefox has alerted me that the URL has already been reported as a forgery. Although it’s hard to see in the above screenshot, the URL background is white, which in Firefox (and most browsers) means that I am not on a secure connection – kind of strange for a site requesting secure personal information, non?
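As an added example (not part of the original post), the script below applies the warning signs above to a raw email: multiple recipients, a generic greeting, and links whose real target is not https, uses a raw IP address, points at a .dll, carries a long generated-looking number, or shows a different host in the visible text than in the href (the mismatch Thunderbird flagged). The heuristic patterns are my own, and the sample message, addresses and IP address are constructed.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Heuristics for the warning signs listed above (patterns are assumptions, not the post's).
GREETING = re.compile(r"\bdear\s+(?:user|customer|member|client)\b", re.I)
RAW_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LONG_NUMBER = re.compile(r"\d{8,}")  # long auto-generated-looking token in the URL
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})", re.I)  # host in the link text

def link_warnings(href, text):
    """Warning signs for one hyperlink: href is the real target, text is what the reader sees."""
    url = urlparse(href)
    host = (url.hostname or "").lower()
    m = SHOWN_HOST.match(re.sub(r"<[^>]+>", "", text).strip())
    shown = m.group(1).lower() if m else None
    checks = [
        (url.scheme != "https", "not an https link"),
        (RAW_IP.match(host), "raw IP address as host"),
        (url.path.lower().endswith(".dll"), "link target is a .dll"),
        (LONG_NUMBER.search(href), "long generated-looking number in URL"),
        (shown and shown != host and not host.endswith("." + shown), "displayed host differs from real host"),
    ]
    return [msg for hit, msg in checks if hit]

def email_warnings(raw):
    """Parse an RFC 822 message and return (where, warning) pairs."""
    msg = message_from_string(raw, policy=default)
    findings = []
    if len(msg["To"].addresses) > 1:
        findings.append(("To", "addressed to multiple recipients"))
    body = msg.get_body(("html", "plain")).get_content()
    if GREETING.search(body):
        findings.append(("body", "generic greeting instead of your name"))
    for href, text in ANCHOR.findall(body):
        findings += [(href, s) for s in link_warnings(href, text)]
    return findings

# Constructed sample resembling the email in the post (addresses and IP are made up).
SAMPLE = """\
From: "eBay" <service@ebay.example>
To: wrong.name@example.com, other@example.com
Subject: Your account information is outdated
Content-Type: text/html

<html><body>Dear user,<br>
Please <a href="http://203.0.113.7/cgi-bin/update.dll?id=8837261950384">
https://signin.ebay.com/update</a> your details.</body></html>
"""
```

Running `email_warnings(SAMPLE)` returns seven findings: the recipient and greeting warnings plus all five link warnings for the single hyperlink.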
Most phishing email messages won’t contain all of the above characteristics and will probably contain other defining characteristics not mentioned. Phishing is an evolving practice due to its lucrativeness and increased use by organized crime. If you receive an email that contains one of the above characteristics, be extremely cautious. Email messages containing more than one should probably be reported to your ISP and immediately discarded. If the email threatens the termination of a service, simply let it happen. No company worth doing business with is going to maintain its records by firing off thousands of email messages to various Hotmail and Yahoo accounts in hopes of reconciling its financials.
As for anti-phishing software, there is no silver-bullet application that prevents 100% of attacks. Personally, I have found that the combination of the Thunderbird email client, the Firefox web browser and ZoneAlarm Security Suite has identified every phishing attempt I have received so far. Microsoft Internet Explorer 7 also has anti-phishing facilities that are said to be effective.
If you ever read web hosting reviews of reputable hosting companies, you’ll have an idea that these hosting service providers offer good scam protection besides their cheap web hosting services. Just read the detailed review of ix web hosting or the famous hosting company powweb. Therefore, it’s not desirable to always prefer the cheapest web hosting that doesn’t support other features.