A regular internet user will definitely have encountered many phishing attempts and few unsuspecting ones may have even fallen prey and lost heavily. This article is intended to shed light on Phishing and provide guidelines to the layman users to try and avoid such attempts. The technically savvy guys will obviously know how to protect them.
What is Phishing?
Phishing is defined by Wikipedia as the fraudulent attempt to acquire personal information of net users by criminals wearing the garb of legitimate entities. The intent is to make the unsuspecting receiver of the email from a legitimate looking entity to click on an embedded link.
Clicking on the link is the first misdemeanor, and giving out personal information willingly without ensuring the legitimacy of the website is the downfall. The effect can be unbearable - it is possible to lose all bank savings in a flash or become liable for large credit card dues for purchases the user never performed!
Methods of Phishing
Varying methods of phishing attempts are detected and the methods are constantly evolving. Email purportedly from Internal Revenue Services, well known banks, credit card companies, social networking websites, etc. asking the user to provide sensitive data (login name, password, email id, etc.) of the receiver was one such method.
Yet another method was use of a computer worm that take over the website pages and visitors to that web pages are misdirected to other pages with the intent of stealing personal data.
Victims of Phishing
In addition to an unknown number of individuals, many well known websites were compromised in the past and user database with personal information was stolen. In late 1996 MySpace suffered a phishing attack.
TD Ameritrade's database with over 6.3 million customer details was broken into. Another attack reported was on the USAjobs.gov, website run by Monster and personal information of over 146,000 users were stolen. And there are many other similar incidents.
How Phishing can be avoided?
Here is a quick checklist to bear in mind when out surfing, that should keep most users alert to the risks of phishing:
- Be aware that there are unscrupulous elements out there trying to extract your personal details for their nefarious uses. Therefore, be alert in all your internet activities.
- If you receive a mail that asks you to take immediate action, such as "to restore access to your bank account…." do not click on the link. No bank will ask you to give them your user ID and password. If in doubt, speak with the bank directly to find out the truth.
- Never reveal your personal information to anyone, however, trustful or genuine the requester may sound. Personal details are your private assets and should be used only by you. It is better to be cautious now than be sorry later.
- Avoid filling out forms in email messages, especially if the form requires you to fill in personal financial information.
- Log in to your online accounts regularly and check everything is alright.
- Do not leave your personal financial accounts unattended for long (even for a month). Make it a habit to check your credit/debit card statement of accounts regularly and if you notice anything unusual, get clarification immediately.
- Ensure that your web browser is the latest version with all security patches updated. EarthLink ScamBlocker browser toolbar is available for free download and installation.
Though anti-phishing laws exist in various countries/states, effective detection or prevention is extremely difficult because phishing attempts can originate from across borders with concealed identities. Therefore only constant personal vigil will go a long way in prevention of phishing attempts.
 |
