Saturday, October 16, 2004

Gone Phishing

Is that a typo, you might ask? Well, it's not. According to Wikipedia, phishing stands for password harvesting fishing. It is a type of social engineering attack.

Here is a brief summary from Wikipedia:
Phishers usually work by sending out spam e-mail to large numbers of potential victims. These direct the recipient to a Web page which appears to belong to their online bank, for instance, but in fact captures their account information for the phisher's use.

Typically the email will appear to come from a trustworthy company and contain a subject and message intended to alarm the recipient into taking action. A common approach is to tell the recipient that their account has been de-activated due to a problem and inform them that they must take action to re-activate their account. The user is provided with a convenient link in the same email that takes the email recipient to a fake webpage appearing to be that of a trustworthy company. Once at that page, the user enters her personal information, which is then captured by the fraudster.

Whenever you get an email that asks you about personal, financial or some kind of online account details, fire up your browser and type out the URL yourself (it is preferable to bookmark it and use the same link every time). Better still, try to use the good old telephone and contact the company directly.
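The "convenient link" described above is usually where the deception lives: the visible text shows the real company's address while the underlying href goes somewhere else, or the link points at a bare IP address instead of a company domain. The following is an added example, not code from the original post, that scans an HTML email body for those two tell-tale patterns; the email body and the hostnames in it (www.bank.example, bank.example.net, 192.0.2.10) are constructed for illustration.

```python
"""Flag deceptive links in an HTML e-mail body.

Two heuristics are checked for every <a> element:
  1. the href points at a bare IP address rather than a named host;
  2. the visible link text names one host, but the href goes to another.
Added example with a constructed sample message; not from the original post.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a hostname inside the visible link text.
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip_literal(host):
    """True if the host part of a URL is a raw IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html):
    """Return [(href, visible_text, reason)] for anchors that look deceptive."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = (urlparse(href).hostname or "").lower()
        if not href_host:
            continue  # relative paths and mailto: links are out of scope here
        if is_ip_literal(href_host):
            findings.append((href, text, "href points at a bare IP address"))
            continue
        shown = HOST_RE.search(text)
        if shown and shown.group(0).lower() != href_host:
            findings.append(
                (href, text,
                 f"visible text names {shown.group(0)} but href goes to {href_host}")
            )
    return findings


# Constructed sample body in the style the post describes (not a real message).
SAMPLE_EMAIL = """
<p>Dear customer, your account has been de-activated due to a problem.</p>
<p>Please <a href="http://192.0.2.10/login">re-activate your account</a> now.</p>
<p>You may also visit
   <a href="http://bank.example.net/secure">https://www.bank.example/</a></p>
<p>Questions? See <a href="https://www.bank.example/help">https://www.bank.example/help</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: {text!r} -> {href}  ({reason})")
```

Run against the sample, the first two links are flagged and the third (text and href agree) is not. This is a coarse filter rather than a verdict: a legitimate newsletter can trip the second rule through tracking redirectors, and a phishing link whose text is plain words ("click here") passes the first rule entirely, which is exactly why the advice to type or bookmark the address yourself still stands.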

Unfortunately, like the offline world, the online world is full of scamsters, predators and con artists. Don't assume that things are safe here.

Also check out the FTC's consumer alert on spoofing:

