Wednesday, August 31, 2011

Phishing

Phishing takes its name from fishing: a fisher lures fish with bait, and the fish takes the bait for the real thing when it is not. The online world works in a similar way. The terms phishing and phishers are used for those who steal users' valuable information, such as online bank accounts.

The scenario: phishers set up a site that mimics a legitimate site, and a user can be deceived by it. Once lured, the user may enter their login information on the phishers' site. The login form is not really meant for logging in; instead it saves your account login information, which the phishers will use later.

A sample of phishing by e-mail, also known as e-mail spoofing:

Phishing E-mail by [email protected]

[Screenshot]


As you can see in the screenshot above, the e-mail was written in an attention-grabbing manner. Don't panic. Observe closely and look at the second screenshot below:

[Screenshot]


Judging by their e-mail address, you'll notice something wrong. The domain name used was paypalc.com. PayPal.com is not PayPalc.com; they are not connected in any way. To test, visit the domain PayPalc.com and see what's on their page (in other phishing schemes, phishers make their site look more legitimate; their real intention is to mislead users so they can steal from them). Please look at the last screenshot below:

[Screenshot]


Observing their page, the domain is parked, meaning it has no useful content on the page. I assume they were already suspended before I checked it.

How can I protect myself from this Phishing threat?


Phishing can happen at any time, and phishing sites are everywhere. Anyone can be a target, but don't let yourself be victimized. Just be observant. Phishing attacks usually start with e-mails. Here is some of my advice for avoiding them:

  • Don't let your e-mail address be posted in public (e.g. if your Facebook profile is public and your e-mail address is visible, you can be targeted by phishers). It's okay to make an e-mail address visible if it is not one for personal use, such as the one you also use for PayPal.
  • If you are a blog hopper who loves to comment on strangers' blogs, please be observant. I know that, for blogging reasons, we leave an e-mail address on a comment because we want feedback on it. Check whether the site or blog is owned by a trustworthy person; if it is not, it is a phishing spot.

1 comment:

  1. Emails are also prone to phishing. Much like websites with fake log-in fields, emails are based on social engineering.
