Phishing in your Closet

Also known as carding or brand spoofing, phishing is gaining personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses.

By Puja Goyal

PUBLISHED: Alive magazine, July 2006



Nowadays it is common to find e-mails in one’s account that purport to come from websites and ask us to click on links in order to provide personal information. They also warn us that if we do not heed their request, our bank account and personal information might be wiped out.

However, one should beware of such mails. With increased dependence on the Internet for our financial, personal and business transactions, be it dealing in shares or transferring money or even sharing photos with our loved ones, the presence of unscrupulous phishers has also increased.

So, what is phishing? Also known as carding or brand spoofing, “it is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data, such as account numbers and passwords, credit-card and social-security numbers,” says Russell Kay.

How does a phishing scam normally work? You may receive an e-mail that looks like it is from your bank, asking you to click a hyperlink in the e-mail and verify your online banking information. Otherwise, they warn you, “Your account will be closed or suspended.” The object of the sender is to induce you to disclose personal information, which they will use for their own purposes.

On 17 November 2003, many eBay Inc. customers received e-mail notifications that their accounts had been compromised and were being restricted. In the message was a hyperlink to what appeared to be an eBay web page, where they could re-register. The top of the page looked just like eBay’s home page and included all the eBay internal links. To re-register, the customers were told, they had to provide personally identifiable information, like credit-card data, social-security number, and date of birth, etc.

Example of phishing ...

The problem was that eBay had not sent the original e-mail — it was a prime example of phishing.

Phishers send out thousands of spam e-mails in the hope that someone will act on them. Basically, anyone with an e-mail ID can be phished. E-mail addresses that have been made public on the Internet in forums, newsgroups, or on a website, are more prone to phishing, because the e-mail address can be saved by spiders that search the Internet and grab as many e-mail addresses as they can.

This makes phishing a lucrative venture for scammers; they can cheaply and easily access millions of valid e-mail addresses to send these scams.

The phishers use the phished information to take over the victim’s account, and can do all that the victim does with his account — like transfer funds to other accounts, conduct transactions, issue cheques in the victim’s name and manipulate the account.

They can also change the account password, so that the victim is locked out of his or her account. If the phisher has stolen details of the victim’s credit cards, then he can make purchases too.

And if the scammer has enough information of the individual, he can do in the latter’s name, which could have serious repercussions for the victim.

How to spot a phisher in the inbox? Basically the phisher wants important, personal information from you. If you receive unsolicited mail that claims to be from your bank, etc., asking for information, get suspicious! Do not be hasty in replying to it. There is no harm in referring to your bank about it and asking for clarification.

Phishing websites and scam emails are made to look genuine. The e-mail may arrive in HTML format and include the logos, styling, contact and copyright information identical to those used by the targeted institution.

To create the illusion of legitimacy, some secondary links may be included in their bogus e-mail leading to the institution’s genuine website. But, one or more of the hyperlinks in the body of the e-mail will point to the fraudulent website.
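An added example, not part of the original article: a small checker that lists the links in an HTML e-mail body that leave the institution's own domain, and marks those whose visible text displays a genuine-looking address. The sample message and every domain in it (mybank.example and the others) are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname; also accepts bare 'www.site.tld/path' link text."""
    try:
        parts = urlsplit(url if "//" in url else "//" + url)
        return (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def belongs_to(host, domain):
    # Exact match or a true subdomain; a look-alike that merely starts with
    # the trusted name (mybank.example.other.example) does not pass.
    return host == domain or host.endswith("." + domain)

def off_domain_links(html_body, trusted_domain):
    """Return (host, masked) for links that leave trusted_domain.
    masked=True when the visible text displays a trusted-domain address."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        if not belongs_to(host, trusted_domain):
            findings.append((host, belongs_to(host_of(text), trusted_domain)))
    return findings

# Constructed sample message; all domains are placeholders (assumptions).
SAMPLE = """<p>Your account will be suspended unless you verify it.</p>
<a href="https://www.mybank.example/privacy">Privacy policy</a>
<a href="http://www.mybank.example.account-verify.example/login">www.mybank.example/login</a>
<a href="http://192.0.2.10/update">Verify your account</a>"""
```

Calling `off_domain_links(SAMPLE, "mybank.example")` passes over the genuine privacy link and reports the other two, with the look-alike host marked as masked.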

Phishing scam e-mails use excuses to explain why it is necessary for you to provide information: for example, the customer’s account details need to be updated due to a software or security upgrade; the customer’s account may be terminated if account details are not provided; fraudulent activity involving the user’s account has been detected and the user must provide information urgently; or routine security procedures require the user to verify his account by providing the requested information. (Remember, if it was that urgent, the legitimate company would have called you personally.)

How to avoid phishing!!

Phishers can be avoided. Do not use the same e-mail ID for all your online activities. You could have a personal e-mail ID for work and another ID for frivolous online activities. Do not supply personal information to anyone unless you confirm with the company personally.

If the e-mail sender is offended with you for not trusting his legitimacy, then so be it!! Your protection is more important and, if they are genuine, they will see your point.

Do not open any attachments; they could contain viruses and bugs. Delete the message as soon as possible.

If you are required to provide sensitive information, make sure that the site is secure. Use anti-spyware, firewalls, and anti-virus software to protect your system and remember to keep them updated. Always call and ask for confirmation.
