Phishing is a crimeware technique designed to steal personal information such as passwords, credit card details and the personal identity of targeted users. A phishing scam can appear in many forms, such as instant messaging programs, mobile device messages, fake websites and others. Of these, the best-known phishing scam is carried out through illegitimate websites. Phishers begin by creating a fake web page that looks exactly like an official website. They then send a large number of e-mails to targeted users. The e-mail usually contains the logo of a reputable company to increase the users' confidence, along with a link that brings the users to the fake website. Users are then asked to perform certain actions, such as entering their personal data. This is the point at which the phisher gets access to our private information.
Example of Phishing Activity
This is an example of a hyperlink that connects users to a fake website. The actual link is http://192.168.255.205/wood/index.htm, not https://www.woodgrovebank.com/loginscript/user2.jsp, which is the true link.
Example 7
The websites above are all fake. This is shown by the URL, which is not the official URL; the web address is one created by the phisher.
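The mismatch described above, where the displayed text names the bank but the link targets an IP address, can be checked mechanically. The following Python sketch is an added example, not part of the original post; the sample HTML is constructed from the two URLs quoted above, and the names `LinkCollector`, `parts` and `audit` are hypothetical.

```python
import ipaddress
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the two URLs quoted in the post, as an HTML link.
SAMPLE = ('<a href="http://192.168.255.205/wood/index.htm">'
          'https://www.woodgrovebank.com/loginscript/user2.jsp</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def parts(url):
    """(scheme, host) of a URL; host is None when the string has none."""
    try:
        u = urlsplit(url)
        return u.scheme.lower(), (u.hostname or "").lower() or None
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return "", None

def audit(html):
    """Return [(href, reasons)] per link; empty reasons = nothing flagged."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        (scheme, real), (_, shown) = parts(href), parts(text)
        reasons = []
        if shown and shown != real:  # fires only when the text is itself a URL
            reasons.append(f"text shows {shown}, link goes to {real}")
        with suppress(ValueError):   # ip_address() raises for non-IP hosts
            ipaddress.ip_address(real or "")
            reasons.append("destination host is a raw IP address")
        if scheme == "http":
            reasons.append("destination is not HTTPS")
        findings.append((href, reasons))
    return findings
```

Calling `audit(SAMPLE)` flags the link on all three checks, while a link whose visible text is plain words and whose target is an HTTPS hostname comes back with an empty reasons list.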
Prevention method of phishing
Lastly, users could try to determine the reliability of a website by entering a wrong user name and password first. A fake website will always accept any user name and password entered by the users.
3 comments:
Testing with a false user name and password sounds interesting. Logically, I believe it does work. Thanks a lot for sharing.
Yaya. Hope to test and see.
Recently there was news about TM phishing mails that request Streamyx account information from users. TM has made an announcement about it. Another phishing example.