What is “Phishing”?
Phishing is an attempt to fraudulently extract sensitive information, such as credit card details, user names and passwords, from someone using electronic communication.
Users are often deceived by an instant message or an email which directs them to a false website, where they are asked for sensitive information. These requests often appear to come from popular websites like Facebook, MySpace, eBay, Yahoo, etc.
Another part of this fraudulent process is achieved by “keylogging”. This is where keystrokes and mouse operations are recorded and screenshots are captured, enabling access to the Protected Storage Area in Windows where Internet Explorer stores passwords. According to the Anti-Phishing Working Group, the number of keylogger programmes has more than doubled in one year to 180.
Security researchers are concerned that identity thieves and hackers are not just using keyloggers to steal sensitive information: the information captured in this way is often placed on unprotected FTP sites, where it is available to anyone who encounters it. These servers are packed with stolen information from all over the world and in many languages. The information held includes Hotmail, Yahoo and other email account information, IP addresses, other usernames and passwords, etc. Criminals use complex methods to sift through the data to find what they are looking for.
Despite the obvious dangers, many people neglect PC security and use their PC without anti-virus protection or spam blockers. If your PC is unprotected, criminals can use unknown programmes on your PC to contact the web. Therefore, it is essential that your firewall is capable of protecting your PC from this type of danger – not all built-in firewalls do. You should not re-use your passwords: avoid using the same password and username at different sites. You should also note the following safeguards.
– Don’t react to urgent or excitable requests for personal information. Remember that banks do not ask for password details via email.
– Don’t click on embedded links – type the website address directly into the web browser. Contact your bank if you are suspicious.
– Note that e-commerce companies usually personalize their emails. Always check the website address line to verify.
– Criminals are now replicating the “https://” that appears when you are on a secure server. They are also duplicating the yellow lock that appears at the bottom of the page, which contains the security certificate number for the site. If you get a message saying that the security certificate number does not match the site address, you should close your browser.
– Install a web browser toolbar that identifies and protects you from known phishing websites.
– Report all phishing attempts as soon as possible.