Identity theft and credit card fraud are probably familiar terms to most
people and more and more people are becoming aware of what is known as phishing.
In this article we look at phishing and how to beat it!
What is phishing?
Phishing is a term given to the method of trying to extract personal information
from someone without them necessarily being aware of what they are doing. It
comes in many guises and often uses something call social engineering which
is essentially hacking a human!
How to hack a human
I.T. administrators are becoming more and more aware of security and securing
their systems. A hacker will always go for a systems weakest point and as
the I.T. systems are rapidly becoming securer the potential hacker is having
to find new weak spots.
In recent years this weak spot has become you, the end user. The hacker
will play on your weaknesses, ignorance and trust which is what we call
How does phishing work
Phishing is usually done via email although there are other methods including
trojans and viruses so it is important to protect yourself. Free
security tools and utilities.
In a lot of cases you will receive an email claiming to be from a well
known business. Examples include :
- Banks and financial institutions
- Email providers
- E-bay and PayPal
The emails will usually ask you to go to a website to verify or update
your details. They may claim there is some kind of problem with your account.
The email will contain a link that points to what looks like the official
business however it is a fake and simply saves any details you enter so
the hacker can use them.
How to avoid being a victim
Identifying phishing can sometimes be tricky and there are a number of
ways to keep yourself safe. Below are some general pointers, however you
recommend you check out some of the useful links provided in this article
for more information.
- Always be suspicious of any emails requesting personal
details of any sort.
- Do not follow links in emails that request details. Always
visit a site by entering the web address in the address bar then navigating
to the appropriate page. If in doubt contact the site directly using an appropriate
email address or phone number.
- Never ever give out your bank card PIN to anyone under
- Always treat your email account username and password with
the utmost care. It is the gateway to ALL your details and can be used to
obtain further usernames and passwords by a hacker.
- Varify the address in the address bar is correct. An illegitimate
address can often be disguised as a legitimate one.
For example :
could be a valid site address but it is NOT ebay's even if it looks like
- Varify any security certificates on secure sites as almost
all sites requesting personal information will use an SSL security certificate.
- Monitor your bank statements and account details carefully
and check and actions or transactions regularly.
- Change passwords regularly and try to avoid using the same
username and/or password across multiple sites. This means if one account
becomes compromised it is harder (but not impossible) for the hacker to obtain
further account details.
What to do if you think you have been caught out
You may not know you have been caught immediately but is important you
act quickly and calmly to cover all your bases and limit any further damage.
You should keep detailed records of what you did and when and keep a record
of all correspondence.
- Inform your bank if you have given out any bank details
or any information that may allow a hacker to obtain bank details. It
is advisable you close any account and open a new one.
- Inform the business concerned giving them complete
details of how you were targeted and the details you provided.
- Change any usernames and passwords that you gave out
or could be obtained. Don't forget to change password reminders.
- Inform any related parties. For example if your mistake
could compromise friends or family or the company you work for you should
make them aware of the situation so they can protect their interests.
- Change your email account if your email address is
compromised making sure you notify everyone who may contact you including
websites you have signed up to with this email account.
How to report it
Businesses who are targeted usually have some kind of fraud or abuse department
which you can email details to. If you receive one of these emails you should
always forward it on to them so that they can investigate and have the offending
site shut down.
If you are fairly I.T. literate you can use trace routes and whois tools to
identify the ISP who is hosting the offending site. No legitimate ISP wants
this sort of site on their network and they will take steps to shut it down.
Phishing is a huge growing concern and many people and businesses are finding
themselves being caught out. Yet with a little thought and education the
risk of being caught out can be greatly minimized.
The good news is that businesses are taking steps to over come these issues
such as user education and system security. In the next release of Internet
Explorer (Version 7 which is now in beta testing) there are added security features
which include anti-phishing.