Friday, July 27, 2007

PHISHING

It sounds like the water-related activity but as many phishing victims have discovered, there's nothing remotely enjoyable about phishing. And if you get hooked and your personal and financial information are phished, your life will be just as wet and soggy.

Ano ba ang phishing?

Per Wikipedia: "Phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and PayPal are two of the most targeted companies, and online banks are also common targets."

A few years ago when information about phishing is not yet as prevalent, a friend of mine was victimized when he received a seemingly legitimate e-mail from his bank asking him to confirm his account info. He obliged. His account was stolen.

Here's an example of a phishing e-mail. Note the ominous warning:
"Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your North Island Credit Union account. We require all flagged accounts to verify their information on file with us. To verify your information at this time, please visit our secure server webform by clicking the hyperlink below: http://www.z220.com/www.myisland.com/sampleonly
If you choose to ignore our request, you leave us no choice but to temporarily deactivate your account."

Similarly, many have reported that their e-mail addresses were hijacked by spammers when they logged into a web page very similar to Yahoo's but is actually a fake (see picture).

With a lot of people doing online transactions now more than ever, phishers are raking it in while innocent and hardworking people are left crying.

So paano mo pro-protektahan ang sarili mo against phishing?

Here are some tips:

1. Wag, wag, wag kang mag-respond to requests for personal information via e-mail. Never click on any link that these kinds of e-mails provide.
2. If you need to visit a web site where you need to enter confidential information, type the URL (the one that starts with www) into your address bar.
3. If you need to enter any personal info, find the "lock" icon. This will help ensure that the web site is using encryption.
4. Lagi ninyong review-hin ang inyong credit card and bank statements.
5. Report to the proper authorities. Call your bank or online retailer immediately if you suspect that your account has been phished.

ALSO:
Here's a TEST designed by software giant McAfee that will help you spot fake websites. You gotta see it to believe how the fake websites are so similar to the real ones.

No comments: