Saturday, June 21, 2008 . 2:29:00 PM
Phishing is an attempt to criminally obtain sensitive information of the others. These information include usernames, passwords and credit card details. Phishing is done by the mastermind impersonating a trustworthy entity in an electronic communication. An e-mail is sent to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering sensitive information that will be used for identity theft. Usually a link is included in this e-mail for the victims to click. The link in the e-mail directs the user to visit a web site that is professionally developed to look exactly the same as the website they claim to be from where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. 
PayPal is one of the many examples that phishers has tried to impersonate. PayPal was spelled wrongly in this phishing attempt in the e-mail and the presence of an IP address in the link are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. Other signs that the message is a fraud are misspellings of simple words and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.
In Malaysia, banks are among the most popular target of phishers. Maybank2u.com.my is one of them. The phishers deceive the user with the purpose of stealing their login data and PIN number. Cross-site scripting and Trojan horses can also be used to steal such information.
There are several different methods and techniques to avoid being phished. The Golden rule is to never ever click the website links within the text of the e-mail. Typing the link on your web browser is always preferable. Delete such e-mails immediately as they may be infected with virus as well. Once you have deleted the e-mail then empty the trash box in your e-mail client as well to prevent "accidental" clicks. The alternative way is train people to recognize phishing attempts. Users should not trust any hyperlinks in suspected phishing messages.
Since phishing is based on impersonation, preventing it depends on some reliable methods to determine a website's real identity. For example, some anti-phishing toolbars display the domain name for the visited website. The “Petname” extension for Mozilla Firefox and Microsoft Internet Explorer lets users type in their own labels for websites, so they can later recognize when they have returned to the site. If the site is suspected, then the software may either warn the user or block the site immediately. The screenshots below shows phishers attempts at phishing
PayPal is one of the many examples that phishers has tried to impersonate. PayPal was spelled wrongly in this phishing attempt in the e-mail and the presence of an IP address in the link are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. Other signs that the message is a fraud are misspellings of simple words and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.In Malaysia, banks are among the most popular target of phishers. Maybank2u.com.my is one of them. The phishers deceive the user with the purpose of stealing their login data and PIN number. Cross-site scripting and Trojan horses can also be used to steal such information.
There are several different methods and techniques to avoid being phished. The Golden rule is to never ever click the website links within the text of the e-mail. Typing the link on your web browser is always preferable. Delete such e-mails immediately as they may be infected with virus as well. Once you have deleted the e-mail then empty the trash box in your e-mail client as well to prevent "accidental" clicks. The alternative way is train people to recognize phishing attempts. Users should not trust any hyperlinks in suspected phishing messages.
Since phishing is based on impersonation, preventing it depends on some reliable methods to determine a website's real identity. For example, some anti-phishing toolbars display the domain name for the visited website. The “Petname” extension for Mozilla Firefox and Microsoft Internet Explorer lets users type in their own labels for websites, so they can later recognize when they have returned to the site. If the site is suspected, then the software may either warn the user or block the site immediately. The screenshots below shows phishers attempts at phishing
