Post by Ching Wen, 26 June 09 @ 9:20pm


In today's advanced technological environment, online transactions can be exploited through fraud, information theft and the hacking of online users' computer systems. One of the most common scams in an e-commerce environment is phishing.

Phishing is an online activity in which phishers extract private information from other users, such as credit card numbers, other account data and passwords. This is done when customers click on a link provided to them by the phishers, which brings them to a fake website; any data the customers enter there is then extracted. Phishing scams take a number of forms. One example is an e-mail that appears to come from a bank or financial institution, requesting that the user update their personal information.

How to identify a phishing e-mail?

1. Generic Greeting.

  • Phishing e-mails are usually sent in large batches, so phishers use a generic greeting such as "Dear customer". They do not type out each customer's name and send the messages one by one, because that takes a lot of time and they wish to collect as much information as they can in a short period. If you receive an e-mail that does not address you by name, do not click on the link, and always be alert to such schemes.


2. Spelling errors.

  • Phishing e-mails usually contain spelling errors. Once you spot errors in an e-mail, it is clearly a phishing e-mail.

3. Requests for personal information.

  • Phishers send phishing e-mails in order to harvest users' personal information. If you receive an e-mail that requires you to provide personal information, it is usually a phishing attempt.

4. Sense of urgency.

  • Phishing e-mails usually contain a warning such as "If you do not update your personal information by clicking the above link, your account will be suspended or terminated". The phishers want you to provide the information right away, so that you are afraid something will happen to your account if you do not act fast. The faster you hand over your information, the faster they can move on to the next victim.


5. Fictitious Link.

  • Phishing e-mails usually contain a link to the website. However, the link shown in the e-mail may not be the link to the real organization. Hover your mouse over the link and check whether the destination matches the link text shown in the e-mail; do not click if there is any discrepancy. Websites that are safe for entering personal information begin with "https" (the "s" stands for secure); do not proceed if the link does not contain the "s".

How to identify a phishing website?

1. Poor resolution.

  • Since phishers create phishing websites in a hurry, the site will be of poor quality and will have a short lifespan. Be wary if the resolution of the logo and text strikes you as poor.

2. Fictitious URL.

  • Although the link contains a name you recognize, it is not necessarily the real link to the real organization. Read URLs from right to left: the real domain is the right-most part of the host name. Websites that are not safe for entering personal information will NOT begin with "https". Be wary of URLs that begin with an IP address, such as http://12.34.56.78/firstgenericbank/account-update/ -- these are likely to be phishers.
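The e-mail and website indicators listed above (generic greeting, urgency, requests for personal data, a link whose visible text does not match its target, a non-https link, an IP-address host, and a host name whose real domain, read right to left, is not the bank's) can be checked mechanically. The following is an added example, not code from the original post or from any of the referenced sites; the phrase lists, the small second-level-label set used in place of a full public-suffix list, the domain `firstgenericbank.com` and the sample message are all constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed phrase lists (assumptions for this example, not an authoritative list).
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "dear valued customer")
URGENCY_PHRASES = ("account will be suspended", "account will be terminated",
                   "within 24 hours", "act immediately", "verify your account")
PERSONAL_INFO = ("password", "pin", "credit card", "social security")

# Second-level labels under which the registrable name sits one label deeper
# (e.g. "bank.co.uk"). A deliberate simplification of the public-suffix list.
SECOND_LEVEL = {"co", "com", "net", "org", "ac", "gov"}


def registrable_domain(host: str) -> str:
    """Read the host name from right to left and keep only the registrable part."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def _contains_any(text: str, phrases) -> bool:
    return any(re.search(r"\b" + re.escape(p) + r"\b", text) for p in phrases)


def check_link(display_text: str, href: str, expected_domain: str) -> list:
    """Indicators for one link: scheme, IP host, wrong domain, text/target mismatch."""
    findings = []
    target = urlparse(href)
    host = target.hostname or ""
    if target.scheme != "https":
        findings.append("link is not https")
    if is_ip_literal(host):
        findings.append("link host is an IP address")
        actual_domain = None
    else:
        actual_domain = registrable_domain(host)
        if actual_domain != expected_domain:
            findings.append(f"link domain {actual_domain!r} is not {expected_domain!r}")
    # If the visible text is itself a URL, its domain must match the real target.
    if "://" in display_text:
        shown_host = urlparse(display_text.strip()).hostname or ""
        if shown_host and registrable_domain(shown_host) != actual_domain:
            findings.append("displayed URL does not match actual link target")
    return findings


def score_email(body: str, links: list, expected_domain: str) -> list:
    """Return every indicator found in the message body and its (text, href) links."""
    text = body.lower()
    findings = []
    if _contains_any(text, GENERIC_GREETINGS):
        findings.append("generic greeting")
    if _contains_any(text, URGENCY_PHRASES):
        findings.append("sense of urgency")
    if _contains_any(text, PERSONAL_INFO):
        findings.append("requests personal information")
    for display, href in links:
        findings.extend(check_link(display, href, expected_domain))
    return findings


# Constructed sample message imitating the bank scenario described in the post.
SAMPLE_BODY = ("Dear customer, we detected unusual activity. If you do not update your "
               "password by clicking the link below, your account will be suspended.")
SAMPLE_LINKS = [("https://www.firstgenericbank.com/login",
                 "http://12.34.56.78/firstgenericbank/account-update/")]

if __name__ == "__main__":
    for finding in score_email(SAMPLE_BODY, SAMPLE_LINKS, "firstgenericbank.com"):
        print("-", finding)
```

Run as a script it lists the six indicators in the sample message. A link such as `https://firstgenericbank.com.example.net/update` is reported with domain `example.net`, which is exactly the right-to-left reading the post recommends; a genuine `https://www.firstgenericbank.com/login` produces no findings.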

References:

http://www.phishtank.com/what_is_phishing.php

http://www.phishinginfo.org/how.html



Examples of Phishing:

Process of phishing:

1. Planning.

  • Phishers decide which business to target and then work out how to obtain the e-mail addresses of that business's customers. They usually rely on the same mass-mailing and address-collection techniques.

2. Setup.

  • Once they have determined which business to spoof and who their victims are, the phishers create a method for delivering the messages and collecting the data. Usually this means sending e-mails containing a link to the fake web page.

3. Attack.

  • Phishers send false messages that look as if they come from a recognized source.

4. Collection.

  • Phishers then collect the information that victims enter when they click on the link and perform the "updates" requested on the page they are brought to.

5. Identity theft and fraud.

  • Phishers then use the information gathered from the victims to make illegal purchases or commit fraud.

Ways to Prevent Phishing.

1. Awareness and Education.

  • The main reason criminals can conduct phishing is internet users' lack of education and awareness of the financial crimes targeted at them.
  • In addition, internet users may not know a company's internet policies and procedures regarding the confidentiality of customer account information and account maintenance. The company can distribute general information on phishing by company e-mail or on the company's website.
  • Furthermore, companies can remind customers of their corporate policy and procedures whenever they contact customers regarding account information. Both customers and employees need to understand how phishing works and how to determine whether an online transaction is secure and authentic.

2. Targeting the Hosting Site.

  • This method is useful for those who seek to shut down the phishing site. Because phishing e-mails are sent through the same mass-mailing infrastructure as spam, affected institutions and even law enforcement are made aware of the hosting site, which results in the site being shut down.
  • Affected companies have to implement ways for customers to submit the phishing e-mails they have received. These e-mails, together with web access logs monitored for suspicious activity, can help indicate the existence of a new phishing site. According to the Anti-Phishing Working Group's trend reports, the average time online for a phishing site decreased by approximately 10% between October 2004 and April 2005.

3. Web Browser Toolbar.

  • A web browser toolbar can identify whether a customer is viewing a possible phishing site. The toolbar works by referring to a database of known FQDNs and IP addresses that have been reported as hosting phishing sites, so it requires the phishing site to have been observed and reported to the database first.
  • Certain toolbars also detect potential phishing sites by checking heuristics that usually indicate a site is not a legitimate commercial site. Example: the server's IP address belongs to a network associated with a broadband service provider in a country other than the user's.

4. Strong Authentication and Authorization.

  • Two-factor authentication is a mechanism requiring two or more authenticators, usually something you know (such as a password or PIN) and something you have (such as a credit card or hardware token). To carry out online transactions safely, two-factor authentication is implemented by providing the customer with a hardware token that generates a continually changing component of their authentication credentials. The goal is to protect users whose authentication credentials have been captured by an attacker through electronic surveillance: the short validity of the ever-changing component limits the attacker's ability to use the credentials later.
  • Another countermeasure implemented by certain banks is the use of transaction numbers (TANs) for authorizing individual transactions. Customers are sent a list of TANs with their monthly statement and are required to enter the next unused TAN when authorizing a transaction online. Some banks use another approach in which the user receives the TAN via an out-of-band mechanism, such as an SMS message to their cell phone.
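The two mechanisms described above, a token that generates a continually changing code and a paper list of single-use TANs, can be shown in a few lines. The block below is an added example written for this page, not code from the post, from any bank, or from the referenced documents; it implements the HOTP/TOTP algorithm of RFC 4226/RFC 6238 (the standard behind most time-based hardware tokens, assumed here as the token's generator) and a simple next-unused-TAN list. `verify_totp`, `TanList` and the drift `window` parameter are this example's own names; the 20-byte secret is the RFC 6238 test-vector secret, used so the values can be checked against the standard.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based code (RFC 6238): the counter is the current `step`-second window."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, code: str, now: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current window plus +/- `window` neighbours to tolerate clock drift.

    A code captured by a phisher stops working once its window has passed, which is
    the "timeliness" property the post describes.
    """
    counter = int(now) // step
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(counter - window, counter + window + 1))


class TanList:
    """Paper TAN list: only the next unused TAN authorizes, and each TAN is single use."""

    def __init__(self, tans):
        self._tans = list(tans)
        self._next = 0

    @staticmethod
    def generate(count: int = 5, digits: int = 6) -> "TanList":
        # Constructed generator standing in for the bank's TAN issuance.
        return TanList(str(secrets.randbelow(10 ** digits)).zfill(digits) for _ in range(count))

    def remaining(self) -> int:
        return len(self._tans) - self._next

    def authorize(self, tan: str) -> bool:
        if self._next >= len(self._tans):
            return False                             # list exhausted, issue a new one
        if hmac.compare_digest(self._tans[self._next], tan):
            self._next += 1                          # consume it: a replay will fail
            return True
        return False


# RFC 6238 test-vector secret (ASCII "12345678901234567890"), not a real credential.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("code at T=59:", totp(RFC_SECRET, 59))          # 287082 per RFC 6238
    tans = TanList(["483920", "117305"])
    print("first TAN accepted:", tans.authorize("483920"))
    print("same TAN replayed:", tans.authorize("483920"))
```

The first `verify_totp` call in the test succeeds inside the window, the second fails once the same code is presented two windows later; the TAN list accepts only the next unused number and rejects a replay of one already consumed.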

5. Virus, Spyware, and Spam Prevention.

  • With the marked increase in phishing malware, products that detect and prevent the installation of malicious code are an essential part of a secure environment for home computing and online buying and selling. These products must be enabled and, in the case of anti-virus and anti-spyware products, must have up-to-date signatures. A large portion of recent malware attempts occurred before a detection signature was available to detect and neutralize the malware, and many of these attempts also tried to disable anti-virus and anti-spyware software.
  • Spam prevention has also contributed to the fight against phishing. Phishing e-mails use the same distribution mechanism as spam and usually share several of the same characteristics. E-mail filtering based on content blacklisting, Bayesian filtering, blocking mail from known spamming/phishing relays, anti-forgery solutions such as Sender Policy Framework (SPF) and Sender ID, and other phishing-specific heuristics can prevent a great number of phishing e-mails from reaching potential victims in the first place. However, spammers are continually evolving their tricks for bypassing filters [Schmidt], and phishers can leverage this.
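Of the anti-forgery measures named above, SPF is the one a receiving mail server can apply directly: the sending domain publishes which addresses may send mail for it, and a message whose envelope sender claims that domain but arrives from any other address is rejected or marked. The block below is an added example, not code from the post or from the SPF project; it evaluates a simplified subset of the record syntax (`ip4`, `ip6`, `include` and `all` with the `+ - ~ ?` qualifiers, no `a`, `mx`, `exists`, `redirect` or macros) against a constructed in-memory table of TXT records (`DNS_TXT`, standing in for a real resolver). All domains use the reserved `.example` TLD and all addresses are documentation ranges.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups. A real check would query the resolver.
DNS_TXT = {
    "firstgenericbank.example":
        "v=spf1 ip4:192.0.2.0/24 include:mail.firstgenericbank.example -all",
    "mail.firstgenericbank.example":
        "v=spf1 ip4:198.51.100.25 ip6:2001:db8::/32 -all",
    "softfail.example":
        "v=spf1 ip4:203.0.113.0/24 ~all",
}

# SPF qualifier prefix -> result name (RFC 7208 section 4.6.2).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10


def check_spf(domain: str, sender_ip: str, txt: dict = DNS_TXT, depth: int = 0) -> str:
    """Evaluate the domain's SPF record for the connecting IP.

    Returns one of: pass, fail, softfail, neutral, none (no record), permerror.
    """
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"                       # include loop or abusive record
    ip = ipaddress.ip_address(sender_ip)

    for term in record.split()[1:]:              # mechanisms are evaluated left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]         # catch-all ends evaluation
        mechanism, _, argument = term.partition(":")
        if mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(argument, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        elif mechanism == "include":
            # include matches only when the referenced record yields "pass".
            if check_spf(argument, sender_ip, txt, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        # Unsupported mechanisms in this simplified evaluator are skipped.
    return "neutral"                             # no mechanism matched and no "all"


def filter_decision(mail_from_domain: str, sender_ip: str) -> str:
    """Map the SPF result to a constructed gateway action (assumption for this example)."""
    result = check_spf(mail_from_domain, sender_ip)
    if result == "fail":
        return "reject"
    if result in ("softfail", "permerror"):
        return "quarantine"
    return "accept"


if __name__ == "__main__":
    # Constructed scenario: a phisher's host forges mail "from" the bank.
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.9"):
        print(ip, "->", check_spf("firstgenericbank.example", ip),
              "/", filter_decision("firstgenericbank.example", ip))
```

In the constructed scenario the bank's own relays (`192.0.2.0/24` and the included mail host) pass, while a message for `firstgenericbank.example` arriving from `203.0.113.9` hits `-all` and is rejected before any user sees it.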

References:

http://computer.howstuffworks.com/phishing.htm

http://www.us-cert.gov/reading_room/phishing_trends0511.pdf

http://www.phishtank.com/what_is_phishing.php

http://www.phishinginfo.org/how.html


4 comments:

Now I know how a phishing e-mail looks. I will be aware of it. Good video.

This article helps me know what phishing is; I thought it was fishing because they sound similar to each other.

Wow... long information...
and lots of examples.
It makes me know more about phishing e-mails so that I can avoid becoming a victim.

Hope the information provided is useful for all of you.
