Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and the first recorded use of the term “phishing” was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to “baits” used in hopes that the potential victim will “bite” by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
Phishers send an e-mail or pop-up message that claims to be from a business or organization that you might deal with – for instance, your Internet Service Provider (Cal.net), online payment services or bank. Often, this e-mail or pop-up window is very official looking and might even contain a company logo. The message usually indicates the need to “update” or “validate” your account information. It then directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. When you visit the Web site, it requests personal information that the operators then use to steal your identity or commit crimes in your name.
Five Steps You Can Take to Protect Yourself:
1. Don’t Click on Suspicious Links
If you receive an e-mail or pop-up message that asks for personal or financial information, don’t reply or click on the link in the message. If you are concerned about your account, contact the organization in the email using a telephone number that you know to be legitimate.
2. Never Email Sensitive Data
Don’t send personal or financial information via e-mail. It’s like handing a thief your wallet.
3. Check Your Financial Records Often
Review your credit card and bank account statements often to determine whether there are any unauthorized charges. Notify immediately of suspicious charges.
4. Keep Your Anti-Virus & Spyware Current
Use anti-virus software and keep it up-to-date. Some phishing e-mails can contain software that will harm your computer. Additionally, this software can track your Internet browsing habits without your knowledge. Up-to-date anti-virus software can help protect your computer from inadvertently accepting these types of files.
5. Don’t Open or Download Unknown Files
Be cautious about opening any attachment or downloading any files from e-mails you receive, regardless of who sent them. You can assess its contents in the bottom window pane without opening and then delete.
If you believe you’ve been a victim of a phishing scam, notify Cal.net Tech Support immediately and file a complaint at www.ftc.gov. Below is a replica of the malicious email:
From: “Technical Support” <firstname.lastname@example.org>
Sent: Wednesday, June 08, 2011 4:24 AM
Subject: Cal.net Account Subscriber
> Attn: Cal.net Account Owner,
> Your Webmail Quota Has Exceeded The Set Quota/Limit. You Are Currently
> Running On low GB Due To Hidden Files And Folder On Your Mailbox. In Order
> To Increase Your Webmail Quota, You Must Validate Your Account Below:
> Email Username……….
> Email Password……….
> Confirm Password……….
> Failure To Validate Your Webmail Quota May Result In Loss Of Important
> Information In Your Mailbox Or Cause Limited Access To It.
> Thanks for bearing with us.
> Customer Care Unit,
> Webmaster Team.
> © Copyright Cal.net 2011
You can also visit the FTC’s Identity Theft Web site to learn how to minimize your risk of damage from ID theft. Go to: http://www.ftc.gov/idtheft. Or contact the antiphishing group: http://www.antiphishing.org/
Here is a short video explaining Phishing Scams http://www.youtube.com/watch?v=sqRZGhiHGxg