Phishing: Examples and its Prevention Methods



I remember that I had once asked this question to my parent, “Why don’t you transfer your money online instead of driving long hour to the bank”. Then, this is what I get for feedback, “It’s too dangerous, son”.

What do they mean by dangerous? I later found out that the term dangerous was referring to password stealing, personal financial information exposed and also account being used. They were afraid that someone might just withdraw their money without their consent. Why do most people perceive it in this way? One of the roots of this is due to the phishing.

Phishing is defined as a crimeware technique that designed to steal the personal information such as the password, credit card detail and personal identity of the target users. Phishing scam can be appeared in many forms such as instant message program, mobile device message, fake website and others. Among all mentioned, the most famous phishing scam is done through illegitimate web sites. Phishers will begin by creating a fake web page that look exactly like an official web site. They will then send a lot of e-mail to target users. The e-mail usually contains the logo of reputable company to enhance the users’ confident. There will be also a link that brings the users to their fake website. Users will then ask to perform certain actions such as inserting their personal data. This is the time where the phisher get access to our private information.


Example of Phishing Activity

Example 1

Example 2

Example 3

The above the phishing e-mails urge the web user to verify their account by entering to their link. The emails also contain the logo of the company to enhance the credibility of the e-mail.

Example 4

This is an example of hyperlink which connects the users to a fake web site. The actual link is http://192.168.255.205/wood/index.htm and not https://www.woodgrovebank.com/loginscript/user2.jsp which is the true link.

Example 5

Example 6

Example 7


The above web sites are all fake website. This can be shown as the URL is not the official URL. The web address is the address that created by the phisher.


Prevention method of phishing


According to research done by The Anti Phishing Working Group (APWG), there was a dramastic increase of phishing activity being reported in the year end of 2008. It shows that more and more people were being fool by phisher;s action. Therefore, safety measures are advice to be taken to prevent ourselves from being a figure in the statistic.

Firstly, computer users should always be suspicious on every e-mail that required them to perform actions relating to their sensitive personal information. They should be alert and aware of the reliability of e-mail. Confirmation with the related party such as the bank should be obtained before taking any action requiring the users’ information.


Next, users should always ensure their web browsers are up-to-date. Nowadays, most of the latest web browsers contain the function of filtering on reported phishing web sites. It able to tell the users which sites are safe to enter and which are not. For instance, window explorer version 7 and above consist of Microsoft Phishing Filter to help protect users from fraud.


Thirdly, users should avoid clicking on the link directly from the e-mail. The phished link is always dress with real company’s name or URL, it lead the users to their illegitimate web site instead of the official web sites. In this case, users should always check for the link real address by pointing on the link. In order to be safe, web users could retype or copy the link address bar as compare to clicking straight the hyperlink.

Besides, installing online anti-phishing software is another measure that could secure the web users. It helps to detect phishing web site either from its blacklist store in the database or according to the rule and standard being set. Examples of software are Trust Watch, MyIdentityDefender , Phish Guard and others.

Lastly, user could try to determine the reliability of web sites by entering wrong user name and password in the first place. A fake web site will always accept any user name and password inserted by the users.

Based on my research and what I have written above, I personally feel that it is difficult to arrest and stop those who is involving in the phishing activity. The cyber crime is far harder to be stop compare to other crime. What a web user can do is to take charge of themselves. They should take extra cautious when dealing with activities which require them to disclose their personal data. Furthermore, they should also get explore and update their knowledge regarding internet’s new and crime. As everyone is doing their part, I’m sure that number of cyber crime will fall to the lowest amount.

-------------------------------------------------------------------------------------------

Related Links:

3 comments:

Tan said...

Testing with the false user name and password sound interesting. Logically, i believe it do work. Thank lot for the sharing.

Edwin said...

Yaya. Hope to test and see.

cai xuan said...

Recently there's a news about TM phishing mails that requests streamyx accounts' information from users.. TM has declared a news based on that.. another phishing example..

Post a Comment