E-Commerce

Sunday, June 22, 2008

Phishing: Examples and its prevention methods

Phishing is the process of attempting to criminally and fraudulently obtain sensitive information by acting as a trustworthy entity in an electronic communication. PayPal, eBay and online banks are common targets. Phishing is typically carried out by e-mail and often directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is falsified and set up only to steal the user’s information.

For example, in 2003 users received phishing e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Unfortunately, up to 20% of unsuspecting recipients may respond to such e-mails, thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. This is because the e-mail looks official, and in the end users are cheated, resulting in financial losses.

There are several different techniques to prevent or protect against phishing. One strategy to prevent phishing is to train users to recognize phishing attempts, and to deal with them. Users can be trained to have their suspicion aroused if the message does not contain any specific personal information. In addition, users can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified" (or any other topic used by phishers), it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate. Alternatively, the address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message.

Another popular strategy to prevent phishing is to maintain a list of known phishing sites and to check websites against the list. Microsoft's Internet Explorer 7 browser, Mozilla Firefox 2.0 and Opera all contain this type of anti-phishing measure. Firefox 2 uses Google's anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy. According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Microsoft's Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company.
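As an added illustration of the list-checking approach described above (not code from any of the browsers named; the list entries and function names are constructed for the example), this Python example checks a URL against a locally stored blacklist and whitelist, so the visited URL is never sent to a central service:

```python
from urllib.parse import urlsplit

# Constructed sample lists; a real browser downloads these from its list provider.
BLACKLIST = {"ebay-account-update.example", "login.paypa1.example/verify"}
WHITELIST = {"ebay.com", "paypal.com"}

def canonicalize(url):
    """Return (host, path): host lowercased, without credentials, port or trailing dot."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    return host, parts.path or "/"

def candidates(host, path):
    """Yield lookup keys, most specific first: each host suffix with each path prefix."""
    labels = host.split(".")
    # Stop before the bare top-level label so "example" alone is never a key.
    hosts = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    segs = [s for s in path.split("/") if s]
    paths = ["/" + "/".join(segs[:i]) for i in range(len(segs), 0, -1)]
    for h in hosts:
        for p in paths:
            yield h + p
        yield h

def check_url(url):
    """Classify a URL as 'blocked', 'trusted', 'unknown' or 'invalid' using local lists only."""
    host, path = canonicalize(url)
    if not host:
        return "invalid"
    keys = list(candidates(host, path))
    # The blacklist wins, so a listed page on an otherwise trusted host is still blocked.
    if any(k in BLACKLIST for k in keys):
        return "blocked"
    if any(k in WHITELIST for k in keys):
        return "trusted"
    return "unknown"

if __name__ == "__main__":
    for u in ("http://www.ebay.com@ebay-account-update.example/login",
              "https://signin.EBAY.com./ws/",
              "http://ebay.com.secure-update.example/"):
        print(check_url(u), u)
```

Matching is done on the parsed host name and its parent domains, so a trusted name placed in the credentials part or at the front of a longer host name does not produce a whitelist match.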

2 comments:

Manchester United said...

I like this topic so much, thanks for providing the excellent information.

il diavolo said...

Thanks for giving the comment.
