In computer security, phishing is a form of social engineering: a fraudulent attempt to acquire sensitive information such as usernames, passwords, credit card details and the like by masquerading as a trustworthy entity over existing Internet services. The stolen information is mostly used for someone else's financial gain. Phishing messages are typically delivered by e-mail and lead the user to click on a fake link that takes him to a forged web server. Other services can also be used for phishing, such as forums or direct-communication services (Windows Messenger, Skype, Google Talk etc.).
Some forms of phishing
The most commonly used phishing methods:
- faked links in e-mail messages (the link leads the user to a web page where he is asked to enter his username and password or other sensitive information)
- forged web sites (criminals use scripts to change or hide the forged site's URL so that it looks legitimate)
- URL manipulation (use of similar-looking words in links, Internet domains or sub-domains so that the link resembles a legitimate URL; selecting such a link leads the user to the fraudulent web site)
- false popup windows on the legitimate web sites of banks (popup windows with fields for entering sensitive information, shown while the user is visiting the legitimate web server)
How to avoid phishing
- never answer e-mail messages that request personal information – financial institutions already have your personal information, and it is very unlikely that a well-known firm would ask you for sensitive information through e-mail
- never click on suspicious links – such links are mostly placed inside suspicious, unexpected e-mail messages
- never follow links if you are not sure who sent the e-mail – digital signing of e-mail is recommended for this purpose
- use spam-filtering software – it reduces the number of unwanted messages with fraudulent links that most users receive daily
- use antivirus software – it recognizes malicious software, which can also be used to collect personal information
- use a personal firewall – it controls inbound/outbound traffic and tracks possible suspicious activity
- use anti-spyware software
- regularly update the software you use
- keep monitoring the state of your accounts
- use good passwords and change them often – a good password consists of a combination of upper- and lower-case letters, numbers and symbols, making it very difficult to break
- when visiting a web page, check that you are using the HTTPS protocol before entering any sensitive information – the web address of a financial institution should begin with https:// instead of http://
- always check the web server's certificate before entering any sensitive information
- keep up with new information about phishing on the Internet – security education is the most efficient defense against phishing attempts
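The URL-manipulation method described above and the HTTPS advice can be turned into a simple link check. The following is an added example written for this page, not code from the original article; the trusted host list and the look-alike character table are constructed assumptions, and a real checker would also consult the public suffix list.

```python
from urllib.parse import urlsplit

# Constructed example: the legitimate host(s) the user actually banks with.
TRUSTED_HOSTS = {"bank.example"}

# Constructed table of characters commonly substituted for Latin letters.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalize_host(host):
    """Fold common look-alike substitutions so 'examp1e' compares as 'example'."""
    host = host.lower()
    for fake, real in HOMOGLYPHS.items():
        host = host.replace(fake, real)
    return host


def check_link(url, trusted=TRUSTED_HOSTS):
    """Return a list of warnings a user should see before following a link."""
    warnings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    if not host:
        warnings.append("no host in link")
        return warnings
    # An exact match on a trusted host needs no further checks.
    if host in trusted:
        return warnings
    # A trusted name used as a sub-domain of some other domain
    # (e.g. bank.example.evil.test) is the classic URL manipulation.
    for t in trusted:
        if host.startswith(t + ".") or ("." + t + ".") in host:
            warnings.append(f"'{t}' appears as a sub-domain of '{host}'")
    # Look-alike characters: the host only resembles the trusted name.
    for t in trusted:
        if normalize_host(host) == t:
            warnings.append(f"'{host}' resembles trusted host '{t}'")
    # user@host syntax puts a misleading name before the real destination.
    if "@" in parts.netloc:
        warnings.append("user-info before host can disguise the real destination")
    if not warnings:
        warnings.append(f"'{host}' is not a known trusted host")
    return warnings
```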