
Information Communication Technology

PHISHING

Name: Nor Syamira Bt Ahmad Nazri
Class: 4 Nilam
Title: Phishing
Teacher: Cik Ilani Hamzah

The word phishing comes from the analogy that Internet scammers are using e-mail lures
to fish for passwords and financial data from the sea of Internet users.

Definition
Phishing is an act of sending an e-mail to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user into surrendering private
information that will be used for identity theft.

The e-mail received might ask the user to:

• update their personal details
• reactivate online banking accounts
• participate in surveys offering cash rewards.

Web sites that are frequently spoofed by phishers:


1. PayPal
2. eBay
3. MSN
4. Yahoo
5. BestBuy
6. America Online

How phishing works

Suppose you check your e-mail and find a message from your bank claiming that
your account is about to be suspended unless you click on the provided link to update
or reactivate your account. But this e-mail seems more suspicious than normal. Phishers
can also infect the computer with viruses.

This is how phishers carry out phishing:

1. Planning. Phishers decide which business to target and determine how to get the
e-mail addresses of the customers of that business.

2. Setup. Once they have chosen the target, phishers create methods for delivering the
message and collecting the data.

3. Attack. This is the step people are most familiar with. The phisher sends a phony
message that appears to be from a reputable source.

4. Collection. Phishers record the information given by victims on web pages or in
popup windows.

5. Identity theft and fraud. The phishers use the information gained from victims to
make illegal purchases or otherwise commit fraud. As many as a fourth of the
victims never fully recover.

How to recognise a phishing scam.

As scam artists become more sophisticated, so do their phishing e-mail messages and
pop-up windows. They often include official-looking logos from real organizations and
other identifying information taken directly from legitimate Web sites.

The following is an example of what a phishing scam e-mail message might look like.
To make these phishing e-mail messages look even more legitimate, the scam artists may
place a link in them that appears to go to the legitimate Web site (1), but it actually takes
you to a phony scam site (2) or possibly a pop-up window that looks exactly like the
official site.

These copycat sites are also called "spoofed" Web sites. Once you're at one of these
spoofed sites, you might unwittingly send personal information to the con artists.

What are the phrases commonly used by phishers

Here are a few phrases to look for if you think an e-mail message is a phishing scam:

1. Verify your account. A bank or business should not ask its customers to send
passwords, login names, Social Security numbers or other personal
information through e-mail.

2. If you don’t respond within 48 hours, your account will be closed. This
message conveys a sense of urgency so that the user will respond immediately
without thinking.

3. Dear valued customer. Phishing e-mails are usually sent out in bulk and often do not
contain the user's first or last name.

4. Click the link below to gain access to your account. The link that you are urged
to click may contain all or part of a real company’s name and is usually
‘masked’, meaning that the link you see does not take you to that address but
somewhere different, usually a phony web site.

The following example shows that resting the mouse pointer on the link reveals the real web
address, as shown in the box with the yellow background. The string of cryptic numbers
looks nothing like the company’s web address, which is a suspicious sign.
Con artists also use Uniform Resource Locators (URLs) that resemble the name of a
well-known company but are slightly altered by adding, omitting, or transposing letters.
For example, the URL "www.microsoft.com" could appear instead as:

www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
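
The two checks described above (a masked link whose visible address differs from its real target, and a look-alike domain with letters added, omitted or transposed) can be automated. The following is an added example, not part of the original report; the `TRUSTED` allowlist, the label names and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

TRUSTED = ("microsoft.com",)  # assumed allowlist: domains the reader really uses

# Constructed sample: (visible link text, real href) pairs as found in an e-mail.
SAMPLE = [
    ("www.microsoft.com", "https://www.microsoft.com/account"),
    ("www.microsoft.com", "http://192.0.2.10/login"),
    ("Click here", "http://www.mircosoft.com/"),
    ("Update now", "http://www.micosoft.com/"),
    ("Sign in", "http://www.verify-microsoft.com/"),
]

def host(url):
    """Lower-case host of a URL or bare domain, without a leading 'www.'."""
    h = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def distance(a, b):
    """Edit distance: insert, delete, substitute or swap two adjacent letters."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def check(text, href):
    """Warning labels for one link; an empty list means nothing was flagged."""
    target, flags = host(href), []
    shown = re.match(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
    if shown and host(shown.group(1)) != target:
        flags.append("masked")             # visible address is not the real target
    if re.fullmatch(r"[0-9.]+", target):
        flags.append("numeric-host")       # string of numbers, not a company name
    for good in TRUSTED:
        if target != good and not target.endswith("." + good):
            if distance(target, good) <= 2:
                flags.append("lookalike")      # letter added, omitted or transposed
            elif good.split(".")[0] in target:
                flags.append("brand-in-name")  # e.g. verify-<brand>.com
    return flags

def scan(links):
    """Map each href in a list of (text, href) pairs to its warning labels."""
    return {href: check(text, href) for text, href in links}
```

Calling `scan(SAMPLE)` leaves the genuine link unflagged and labels the other four. A clean result only means none of these particular signs were found.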

How to avoid phishing.

1. Watch out for phishy emails. The most common form of phishing is e-mails
pretending to be from a legitimate retailer, bank, organisation, or government
agency. The sender will ask the user to “confirm” their personal information for
some made-up reason.
2. Don’t click on links within emails that ask for your personal information.
Phishers use these links to lure people to phony Web sites that look just like the real
sites. If the user follows the instructions and enters personal information on the
Web site, the user will deliver it directly into the hands of identity thieves.
3. Beware of “pharming.” In this latest version of online ID theft, a virus or
malicious program is secretly planted in your computer and hijacks your Web
browser. When you type in the address of a legitimate Web site, you’re taken to a
fake copy of the site without realizing it. Any personal information you provide at
the phony site, such as your password or account number, can be stolen and
fraudulently used.
4. Never enter your personal information in a pop-up screen. Sometimes a phisher
will direct you to a real company’s, organisation’s, or agency’s Web site, but then
an unauthorized pop-up screen created by the scammer will appear, with blanks in
which to provide your personal information. If you fill it in, your information will
go to the phisher. Legitimate companies, agencies and organizations don’t ask for
personal information via pop-up screens. Install pop-up blocking software to help
prevent this type of phishing attack.
5. Protect your computer with spam filters, anti-virus and anti-spyware software,
and a firewall, and keep them up to date. A spam filter can help reduce the
number of phishing emails you get. Anti-virus software, which scans incoming
messages for troublesome files, and anti-spyware software, which looks for
programs that have been installed on your computer and track your online activities
without your knowledge, can protect you against pharming and other techniques
that phishers use. Firewalls prevent hackers and unauthorized communications
from entering your computer – which is especially important if you have a
broadband connection because your computer is open to the Internet whenever it’s
turned on. Look for programs that offer automatic updates and take advantage of
free patches that manufacturers offer to fix newly discovered problems.
6. Know that phishing can also happen by phone. You may get a call from
someone pretending to be from a company or government agency, making the same
kinds of false claims and asking for your personal information.
