The Raw Truth About "Phishing": Spotting The Phishing Hook by Michael L. Roache
Phishing? What on earth is that! Was that a misspelling? Well, actually, no. Phishing is one of the latest internet phenomena, in which some criminal out there in cyberspace creates a "photocopy" website of a genuine one and lures his victim into volunteering sensitive personal info, convinced he is actually on the legitimate website.
Let's look at a classic example. I repeatedly see emails popping up in my bulk folder claiming that PayPal has identified an attempted fraud on my account. It then goes on to say that it is critical that I log into my account via the link provided and change my personal details, making sure to stress the urgency of the change to avert further compromise.
Now here's the catch. After you unsuspectingly enter your password and other sensitive data, the phishing website then captures your password and all your personal particulars and what do you know: you just got hooked! You are suddenly no longer the only "authorized" person who has access to your account.
There is also the "telephone phisher" who calls and claims to be a customer service agent of Visacard or Mastercard. He will claim that there has been some fraudulent activity on your credit card, already having, in this scenario, your card number, but trying to phish your CVC (card verification code, the last three numbers on the reverse of your card).
According to a case study released last November by Gartner Inc., of the 5000 adults who took their online survey in August, the average loss per phishing victim nearly quintupled from $257 in 2005 to $1,244 in 2006.
Pretty frightening, eh?
To compound this problem, only 54% were able to recover in 2006 compared to 80% in 2005, due largely to a change in tactics by the scammers. While financial institutions remain prime targets, less traditional brands such as fictitious sweepstake contests are being employed.
eBay and PayPal Are Primary Phishing Tanks
According to The Register, a number of Bank of Ireland customers had lost €113,000 through a fraudulent email scam. One customer is believed to have lost €49,000 after responding to a fake email, while other clients lost between €5,000 and €16,900. The bank has even conceded to compensate some of its customers who together lost some €160,000, according to the Irish Independent.
Gartner Inc. says that eBay and PayPal are the top phishing targets, a claim corroborated by PhishTank, a community-based anti-phishing network. PhishTank goes on to say that some 1,493 distinct scam sites impersonated PayPal last October alone, with another 1,210 phishing sites targeting eBay.
Because of my online experience, I have a keen sense of scamming tactics and was able to avert an attempted attack on my identity. Using a PayPal website "image", the phisher tried to get me to log in under the guise that my PayPal account had been compromised. I forwarded the email to PayPal and they justified my suspicions.
PayPal will never send you an email with the greeting "Dear PayPal User" or "Dear PayPal Member". Emails initiated by PayPal will address you by your first and last name, or the business name associated with your PayPal account.
For security purposes, PayPal will never ask you to re-enter your full bank account, credit, or debit card number without providing you with at least the last two digits of the number.
Look Out! A 'Next Generation' Phishing Strategy Is On The Rise
Have you heard about the DIY man-in-the-middle phishing kits? Well, if not, hold on to your chair because this one is out and bad. If you are a seasoned webmaster, pay close attention to this breaking news.
Security experts at RSA Security reveal that the so-called "universal phishing kit" allows fraudsters to configure attacks for any target web site without the need for customisation and add that once fraudsters acquire and operate this kit, an attack can be configured to "import" pages from any target Web site.
The kit creates a fake URL that communicates with both the end user and a legitimate company web site. Spam e-mail is used to trick customers into entering account data at the bogus site, which phishes account details and multi-factor authentication information.
This data is then automatically forwarded to the legitimate site to access accounts. Any data submitted to the site after the victim has logged into their account can also be stolen.
I know the above info can be a bit scary, but don't throw your hands in the air and destroy your credit card. I have a few things to share with you on how you can help to hook the phisher.
Firstly, once you "smell" a phishing bait, don't hide, tell it. Go to CastleCops at http://www.castlecops.com/pirt and paste in the full email source of the phish. CastleCops and Sunbelt Software have teamed up to launch a global phishing termination operation through a volunteer PIRT (Phishing Incident Reporting Termination) squad, funded by CastleCops.
Your report is then fed to more than 50 organisations across the web, including Fraud Watch Int'l, Internet Crime Complaint Center (IC3), Korea Internet Security Center etc.
Observe the following do's and don'ts:
>Do not click on the link in an email that asks for your personal information.
>Do look for "https" and a padlock on a site that requests personal information.
>Do pay attention to your statements.
>Don't download attachments, software updates or any application to your computer via a link you received in an email.
>Do report any suspected phishing activity to CastleCops at http://www.castlecops.com/pirt
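The greeting and link checks above can be run mechanically over a raw message before anyone clicks; the following is an added example, not part of the original article. It assumes paypal.com is the only host family accepted for PayPal links, and the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Greetings the article says PayPal never uses.
GENERIC_GREETINGS = ("dear paypal user", "dear paypal member")
# Assumption: the only host family accepted for PayPal links.
TRUSTED_SUFFIX = "paypal.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def host_is_trusted(host):
    """True only for paypal.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)


def phishing_signals(raw_email):
    """Return a list of warning strings for one raw RFC 822 message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    if isinstance(body, list):  # multipart: join the parts as text
        body = "\n".join(str(p.get_payload()) for p in body)
    signals = []
    lowered = body.lower()
    for greeting in GENERIC_GREETINGS:
        if greeting in lowered:
            signals.append("generic greeting: " + greeting)
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        if not host_is_trusted(parsed.hostname):
            # Look-alike hosts such as paypal.com.example.net land here.
            signals.append("link leaves paypal.com: " + (parsed.hostname or url))
        elif parsed.scheme.lower() != "https":
            signals.append("link is not https: " + url)
    return signals


# Constructed sample message (not a real phish); example.net is a reserved domain.
SAMPLE = """From: "PayPal" <service@paypal.com.example.net>
Subject: Attempted fraud on your account

Dear PayPal Member,
We identified an attempted fraud. Log in now:
http://paypal.com.example.net/login
"""

if __name__ == "__main__":
    for signal in phishing_signals(SAMPLE):
        print(signal)
```

The host comparison matches on a full domain suffix, so a brand name placed at the start of a longer hostname does not pass.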
That's my 2 cents for today. I hope I have helped to make you more aware of those phishing baits around you while you swim in the cyber ocean.
About the Author
Michael Roache is an ordinary guy, just like you, who genuinely loves people and is committed to stay at home business success. With over 15 years banking experience, Michael has a keen sense of investment and money management. He is currently helping ordinary people make money using a 100% tested and proven, guaranteed system that pulls traffic.