E-commerce Change the World

Hello readers. I’ll introduce the term phishing in this post. Besides, I will provide a few examples and prevention methods towards phishing. First and foremost, do you know what phishing is? It is “phishing” and not “fishing” although both words have the same pronunciation! A phishing (also known as carding or spoofing) expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait. Phishing is a fraudulent attempt using email messages and web sites designed to look as if they come from a known and legitimate organization, in order to deceive users to steal your personal information such as credit card number, social security number, account number or password.

According to About.com, there are a few examples of phishing identified.

Secondly is the Citibank phishing scam. The attacker claims to be acting in the interests of safety and integrity for the online banking community by instructing readers to visit a fake website and enter critical financial details.

Thirdly is the PayPal phishing scam. This PayPal phishing scams tries to trick recipients by pretending to be some sort of security alert that urges recipients to confirm their account details via the link provided where clicking the link actually takes the recipient to the attacker's website.

Example of email phishing scam

Example of website phishing scam

According to some tips from Windows Live, below are some signs of phishing for prevention purposes.

Unsolicited requests for personal information - Most businesses and organization would not ask for your personal information because they should already have this information in their file. If you get a request for personal information, call the company first and make sure the request is legitimate.

The phrase “Click the link below to gain access to your account.” - HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name, but the link you see is actually taking you to a phony Web.

The words “verify your account.” - A legitimate business will not ask you to send passwords, log on names, Social Security numbers, or other personally identifiable information through e-mail. Be alert of a message that asks for personal information no matter how authentic it looks.

Addressed as “Customer” - If your bank or other organization regularly addresses you by name in its correspondence and you get an e-mail addressed to “Dear Customer,” this may be a phishing attempt.

Alarmist warnings - Phishers often attempt to get people to respond without thinking, and a message that conveys a sense of urgency, perhaps by saying that an account will be closed in 48 hours if you don’t take immediate action, may cause you to do just that.

Mistakes – Another indication that could reveal phishing expedition is that phishers often slip up on the finer details and overlook typos, mistakes in grammar, and so on.

Below is a video that summarizes some prevention methods against PHISHING !

In my opinion, phishing will not succeed if we know how to identify it and also the preventions. Therefore, I hope this post will be useful to all internet users and let us be the "Phis-erman" =)