What is Phishing?
Introduction
Phishing, pronounced 'fishing', has nothing to do with the activity/sport, but
the procedure behind it is very similar. The people behind these scams are
criminals. They are thieves whose intentions are to steal your identity and
gain access to your Credit Card information, Bank Account and your Ebay and
Paypal account if you have one.
How do they do it?
It's by deception. The 'hook, line and sinker' arrives in the guise of an
email. The email purports to be from your Bank, Credit Card Company, Ebay
account, Paypal account etc. Phishing emails usually include
official-looking logos and information taken from legitimate websites in an
effort to appear convincing. The only difference is that the email will
always contain some form of bad news that is intended to cause panic in the
recipient. Alternatively, the email could contain good news, such as money
waiting to be credited to your account.
The email will say something similar to, 'Your account has been compromised
in some way' or 'We have been unable to make payment' or 'We have been
unable to deposit funds in your account'. The content of these emails varies
in many ways in an attempt to deceive you into believing that something
terrible or good has happened.
The bottom line is that the email will request that you visit your on-line
banking service etc. and provide information about yourself by logging in
with your name, password and provide your account number. They will provide
a link for you to do this such as www.yourbank.com. The link will also look
very official but it is a disguise.
Clicking on this link will send you to a spoofed website. Web addresses in
phishing emails can be disguised so that they appear to be taking you to a
trusted address, but in fact they point to somewhere different that has been
set up by the thieves.
The website will look very similar in appearance to your normal banking
service etc. It will have the same design, layout and corporate colours.
Everything will look fine but in 'panic' you don't closely examine the
website. You enter the details as requested, submit them and they've got
you.
The criminals then go on a spending spree with your credit card or access
any other account(s) and transfer funds out of your account(s).
Here is an example of a 'phishing' email that I recently received:
==========================================
QUOTE
Dear eBay Member,
We are writing to alert you that your balance is not paid, because your
credit/debit card company declined eBay's attempt to charge your monthly
invoice amount to your credit/debit card.
Your payment is due by your next invoice date.
To speed up this process, you are required to place other credit/debit
against the account registration data we have on file.
Place or update credit/debit card on file. <<< This was the link.
As a courtesy, eBay will automatically make a second attempt to charge
your card. This attempt will take place in about 3 to 5 business days.
As a reminder, past due accounts may be restricted from buying or
selling until payment is received.
Regards,
eBay Billing Department
===========================================
You may say that the above example is obviously not an official email but
please remember that the above is only an example. Some 'Phishing' emails
look very official.
Thousands upon thousands of these emails are sent out every day. Most are
ignored by the recipient but some do get a response and the thieves then
have a field day.
How do I recognize a Phishing email?
i) Firstly and most important is that your on-line banking service etc. will
never send you an email asking you to verify your details or ask for your
password. They already know your name and account details. Any email asking
you to 'verify your account', 'confirm your sign in details', or using any
similar form of words, is certainly a scam. If your account has been
compromised in any way then they would have contacted you by telephone
and/or by general mail.
ii) If the email is allegedly from Ebay or Paypal then log into your account
as you would normally. Do not use the link provided in the email. Any emails
from these providers will be shown in your account.
iii) The majority of Phishing emails contain bad grammar and spelling
mistakes. The above Email is a good example. Remember some are word perfect.
What should I do if I receive such an email?
i) Do not reply to it. By doing so you inform the perpetrators that they
have made contact with an active email account and you could then receive
even more of these types of emails.
ii) Telephone your Bank or Credit Card Company etc. and discuss the content
of the email with them.
iii) Visit the home site of your Bank or Credit Card Company. Do not use the
link provided in the email. On the official website you will find a link on
how to report phishing emails. To report suspected emails to Ebay just
forward the email to spoof@ebay.co.uk and with Paypal forward to spoof@paypal.com.
When forwarding do not alter the email in any way whatsoever.
iv) Never click on the link in the email.
Always remember to be on your guard. If you become suspicious of any email
then contact your provider and inform them.
I've provided my details, what should I do?
You have received a phishing email and been tricked into providing your
details. As a matter of urgency you should immediately:
i) Contact your Banking Service or Credit Card Company etc. and inform them
what has happened.
ii) Go on-line and change your passwords to your accounts.
iii) Contact your local Police and report what has happened.
Finally, the best way to remain safe is to never disclose your password to
anyone. Don't write it down and carry it on your person or leave it anywhere
for others to see.
Happy computing and safe surfing.
by:Tjolly
5 Star Support