Difference between revisions of "Phishing"

From WOT Wiki
Jump to: navigation, search
m
 
(11 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[[File:Phish_mail.PNG|200px|thumb|right|A typical phishing email]]
+
[[File:Phish_mail.PNG|200px|thumb|right|A phishing email claiming to be from British bank Halifax. Note the fake web address - the real website is at halifax.co.uk]]
'''Phishing''' is the term used to describe the process of attempting to fraudulently acquire confidential information such as user-names, passwords and credit card numbers by pretending to be a trusted organization that the user recognizes.
+
'''Phishing''' is the term used to describe the process of attempting to fraudulently acquire PII such as user-names, passwords and credit card numbers by pretending to be a trusted organization that the user recognizes.
  
Phishing is usually carried out using e-mail or instant-messaging services, and pretend to be from an organization that is well known to the user, such as a bank, online payment processor (e.g. PayPal), auction site (e.g. eBay), social networking site (e.g. Facebook), or even the IT administrator of their employer or ISP. These phishing communications will typically direct users to enter their details at a fake website which bears a strong resemblance to the website of the organization they are masquerading as.
+
Phishing is usually carried out using e-mail or instant-messaging services, and pretend to be from an organization that is well known to the user, like a bank, online payment processor, auction site, social networking site, or even the IT administrator of their employer or ISP. These Phishing communications will typically direct users to enter their details at a fake website which bears a strong resemblance to the website of the organization they are pretending to be.
  
  
 
== Dangers of Phishing ==
 
== Dangers of Phishing ==
  
If a user enters details into a Phishing website, such as their user-name, password, or other confidential information, it will most likely be used by criminals to steal their identity.
+
If a user enters details into a phishing website, such as their user-name, password, or other confidential information, it will most likely be used by criminals to steal their identity.
  
 +
== How to Protect yourself from Phishing ==
  
== How to Protect yourself fro Phishing ==
+
'''Have good email habits''': Do not open any attachments, and do not respond to the links in an unsolicited email, instant message, or chat.[http://www.mywot.com/en/online-threats/phishing]
  
    * Have good email habits—do not respond to the links in an unsolicited email, instant message or chat
+
'''Protect your sensitive information''': Do not give your [[Personally Identifiable Information (PII)]] to anyone, whether it be over the phone or through email, unless you are sure that they are who they claim to be and that they should have access to the information; also make sure your connection to the website is encrypted.[http://www.mywot.com/en/online-threats/phishing]
    * Do not open attachments from unsolicited email
+
 
    * Protect your passwords and don't reveal them to anyone
+
'''Have an updated Anti-Virus and Firewall''': An Anti-virus software and firewall are essential in order to protect yourself from Phishing, [[Malware]], and other threats. Also, keep your browser up-to-date and apply all security patches.[http://www.mywot.com/en/online-threats/phishing]
    * Do not give sensitive information to anyone—on the phone, in person or through email—unless you are sure that they are who they claim to be and that they should have access to the information
+
 
    * Check a website's security before sending sensitive information over the Internet
+
'''Look out for Warning Signs''': When visiting a website, be sure to look for certain "warning signs". Phishers tend to use emotional language (ie: scare tactics) to get you to buy or download their product. Also, if a "trusted organization" asks you for [[Personally Identifiable Information (PII)]] in an email or instant message, they tend not to be legitimate.[http://www.symantec.com/norton/security_response/phishing.jsp]
    * Look at the site's URL. In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
+
 
    * Install and maintain anti-virus software, firewalls, and email filters to reduce [[Spam]]
+
'''Consult the WOT [[Scorecard]]''': Allows you to see if the site has been listed on any blacklists.[http://www.mywot.com/en/online-threats/phishing]
    * Keep your browser up-to-date and apply security patches
 
    * Consult the WOT scorecard to find out if the site has appeared on phishing blacklists
 

Latest revision as of 11:09, 7 January 2013

A phishing email claiming to be from British bank Halifax. Note the fake web address - the real website is at halifax.co.uk

Phishing is the term used to describe the process of attempting to fraudulently acquire PII such as user-names, passwords and credit card numbers by pretending to be a trusted organization that the user recognizes.

Phishing is usually carried out using e-mail or instant-messaging services, and pretend to be from an organization that is well known to the user, like a bank, online payment processor, auction site, social networking site, or even the IT administrator of their employer or ISP. These Phishing communications will typically direct users to enter their details at a fake website which bears a strong resemblance to the website of the organization they are pretending to be.


Dangers of Phishing

If a user enters details into a phishing website, such as their user-name, password, or other confidential information, it will most likely be used by criminals to steal their identity.

How to Protect yourself from Phishing

Have good email habits: Do not open any attachments, and do not respond to the links in an unsolicited email, instant message, or chat.[1]

Protect your sensitive information: Do not give your Personally Identifiable Information (PII) to anyone, whether it be over the phone or through email, unless you are sure that they are who they claim to be and that they should have access to the information; also make sure your connection to the website is encrypted.[2]

Have an updated Anti-Virus and Firewall: An Anti-virus software and firewall are essential in order to protect yourself from Phishing, Malware, and other threats. Also, keep your browser up-to-date and apply all security patches.[3]

Look out for Warning Signs: When visiting a website, be sure to look for certain "warning signs". Phishers tend to use emotional language (ie: scare tactics) to get you to buy or download their product. Also, if a "trusted organization" asks you for Personally Identifiable Information (PII) in an email or instant message, they tend not to be legitimate.[4]

Consult the WOT Scorecard: Allows you to see if the site has been listed on any blacklists.[5]