Monday, November 10, 2008

Phishing Lessons


No, I did not make a spelling mistake in the headline. I spelt it right: ‘phishing’, a word some of you might have already heard, is something you could be on the receiving end of if you are not careful. Today, I will tell you about phishing and how you can save yourself from an attack.

What really is a phishing attack?
To put it simply, a phishing attack is an e-mail, sent to you purportedly from your bank, asking you to reset your password by clicking a link in the mail. Once my uncle got a mail from his bank saying his account had been hacked. The mail asked him to visit a website and re-enter his username and password to reset his account and make sure that the hackers don’t siphon away money. After some discussion, I convinced my uncle that his account had not been hacked into and he was just on the receiving end of an unsuccessful phishing attack.

By definition, phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, e-mail IDs, passwords or bank data. The message can come from what appears to be an authorised sender, your social networking site or a fake website, and can even arrive on your instant messenger or cell phone.

What does a phishing attack look like?
Regular e-mail users might have already noticed subjects or mails with messages such as:

“Verify your account”, “You have won the lottery”, “If you don’t respond within 48 hours, your account will be closed”, “Security advisory”, “2008 A-category results” and the like. You could even receive an e-mail, purportedly from your bank, a software vendor, or an online portal, asking you to update your credit card information. Never respond to such mails.

Then there is the advance fee fraud, popularly known as the lottery scam. These are mails, often attributed to companies like Yahoo and Microsoft, claiming you have won an obscene amount of money, and asking for an advance fee so that they can transfer the lottery amount in your name. Well, the world is not such a simple place.

So how do you protect yourself?
We are always in a hurry; the world demands that of us. It is this sense of urgency that the scamsters want to exploit: they want you to respond immediately without thinking. A phishing mail can even go to the extent of saying that if you do not take action in the next 24 hours your account will be frozen. Just stay calm. Call your bank/vendor and check whether they have actually asked for this information. If they say they have not sent any mail, just delete it.

But there are a few other things you should do. First, get the latest version of an antivirus and Internet security suite, and please don’t buy a pirated CD. Download or buy original software from www.symantec.com for Norton Antivirus, or www.avg.com for AVG. These programs have anti-phishing filters built in and will alert you the moment they detect phishing. This is one good reason you should have legal antivirus, genuine software, and the latest patches.

If you don’t want to spend money, get yourself either the latest version of Internet Explorer from www.microsoft.com or the latest version of Firefox from www.mozilla.com. Both have an anti-phishing engine built in to alert you when you are on a site that steals data. However, the most important precaution is not to take a rash decision or answer e-mails in a hurry.

--
The above article appeared in the Indian Express, dated 9th November 2008.

Creative Commons License
Writings by Gagandeep Singh Sapra by Gagandeep Singh Sapra is licensed under a Creative Commons Attribution 2.5 India License.
Based on a work at www.thebiggeek.com | www.gagandeepsapra.com | www.g-spot.in.
Permissions beyond the scope of this license may be available at www.thebiggeek.com.