Phishing is a scam, where a stranger sends an email which appears as if it is from a trusted organization to a normal user to get his personal and financial information. For example, when you receive a mail from a bank to update your personal bank account 18 information and when you click on the link to update the information a separate window opens which looks like a original bank site, where it asks for account information, password and other details. When you enter the information and press enter it will go to the hands of strangers and not to the bank site.
Protection from Phising attacks
When user receives an e-mail asking him to visit his bank’s web site, it signifies the beginning of a phishing fraud. The e-mail would usually provide a link to bank’s web site and ask the user to click the link. It would ask him to provide certain confidential banking information like his account number, credit card number etc., failing which his account would be doomed. There would be a sense of urgency and panic in the e-mail. This type of attack is called as phising attack.
Here is a checklist which helps to prevent this type of attack :
• Check to see if the e-mail is indeed from the user’s bank and not from just any bank. If it isn’t, stop reading further and confirm the same from the by using other means like telephone.
• If the e-mail is not personally addressed to the user, it is most probably a fraud.
• Check the language and spelling of the text contained in the e-mail. If the user find misspelled words or substandard language, conclude that it is not from his bank.
• If the e-mail urges the user to act immediately without delay, failing which his account will be closed down, stop reading it. It is not from user’s bank.
• If there is anything that even remotely feels wrong, stop. If something feels wrong, it is most probably wrong.
• Never click any link given inside the e-mail message. Instead, directly type the URL of the financial institution.
• If the user does not know the URL of his bank’s web site, take the time to call them immediately to find out.
• User should never provide personal information to anybody, come what may.
Identity theft is a term used to refer to a fraud that involves stealing money or getting other benefits by pretending to be someone else. This information can also be used by the criminal to create new bank accounts or used to access existing bank accounts. The Internet has made it easier for an identity thief to use the information they've stolen because transactions can be made without any personal interaction. There are many ways for retrieving one's personal information. Some of them are retrieving personal paperwork and discarded mail from trash dumpsters (dumpster diving) is one of the easiest ways for an identity thief to get information. Another popular method to get
information is the identity thief simply stands next to someone and watches as the person fills out personal information on a form. This method of retrieving personal information is known as shoulder surfing. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator's actions.
Preventive Measures to Avoid Identity Theft
§Be aware of “Dumpster diving” and make sure not to throw anything that contains personal information. Since this information if once in the hands of wrong persons can be misused for their benefits. So before throwing such kind of things tear it in to pieces and throw it.
§Be careful while accessing bank accounts at ATM's. Shoulder surfers can see your pin numbers and try to access your account.
§Cancel all credit cards that are not in use or have not been used for a long time. Since Thieves use these very easily - open credit is a prime target.
§Use strong passwords for all your accounts.
§Make a note of the time required to issue a new credit card or renewal of the old credit card. So that if they are not received in appropriate time call the credit card grantor and find out whether the card has been sent. If it has been sent, find out if any change of address has been filed.
§Don't carry cards that are not in use for a long time and which reveals your personal identity.
§Before giving personal information to any one, first find out why do they need it and find out whether your personal information is protected. In no case, give it to someone who can't establish their identity, never over phone or email.
§If a person calls you at home or at work, and you do not know the person, never give out any of your personal information. If they tell you they are a credit card grantor of yours, call them back at the number that you know, and ask for that party to discuss personal information. Provide only information that you believe is absolutely necessary.
§Get credit cards and business cards with your photograph on them.
§Do not put your credit card account number on the Internet (unless it is encrypted on a secured site.) Don't write account numbers on the outside of envelopes, or on your cheques.
§Order your credit report at least twice a year. Review it carefully. If any thing was found suspicious, report to the concerned authority about that.
§Monitor all the statements of your credit card every month. Check to see if there is anything that you do not recognize and call the credit grantor to verify that it is truly yours.
Do not Visit Untrusted Websites
It is always recommended that the user should not visit the untrusted websites or download software’s, screensavers or games etc from those untrusted sites. There is a possibility that these types of application software install some kind of malicious code on the user’s system, which can be used to launch attack on other computer systems without any consent of the user.
It refers to any kind of communication over Internet. In an Email when we send a message to an individual the reply can be obtained immediately or after some period of time till he checks his mail box. In online chat we will get the reply immediately after sending the message. Here the users on both side should be on line to chat with each other.
Internet chat applications, such as instant messaging applications and Internet Relay Chat (IRC) networks, provide a mechanism for information to be transmitted bi-directionally between computers on the Internet. Chat clients provide groups of individuals with the means to exchange dialog, web URLs, and in many cases, files of any type. Because many chat clients allow for the exchange of executable code, they present risks similar to those of email clients. As with email clients, care should be taken to limit the chat client’s ability to execute downloaded files. As always, the user should be wary of exchanging files with unknown parties.
Now a day’s virus and phishing attacks are also targeted through the Instant Messaging clients.