Home > Business > Special
What's phishing? How to be safe?
December 20, 2004
Phishing scams have rocked Internet users for some time now.
But phishing attacks especially intensified in 2004, making them a very serious emerging threat that rides on the surge of e-commerce and e-banking transactions through fraudulent means, says a study conducted by anti-virus software specialist Trend Micro.
What is phishing?
Phishing means sending an e-mail that falsely claims to be from a particular enterprise (like your bank) and asking for sensitive financial information.
Phishing is sending out a 'bait' in the form of a spoofed e-mail that closely mimics most bank notifications.
The fraudulent mail is socially engineered to convince recipients to divulge sensitive information such as credit card numbers, PIN, social security numbers and some such information, says Trend Micro.
Some phishing mails include a legitimate-looking URL that actually conceals the phishing URL, or the site where the stolen information is stored, while some include an image, which when clicked, directs the affected user to the phishing site.
There are ways to 'spoof' an e-mail so that it appears to have come from someone other than the person who is actually sending it. An e-mail can be spoofed by tweaking the settings of e-mail clients like Outlook Express, Netscape Messenger and Eudora. E-mail spoofing is a popular way of scamming online.
How to be safe
Trend Micro lists out the ways in which you can keep yourself safe from phishing scams:
How to find out if an e-mail is genuine
However, finding out whether an e-mail is genuine or not is not very difficult. Every e-mail message contains headers that have the following information:
Origin, which shows information about the machine that sent it,
- Relay, which shows the sender machine relaying it to another, and
Final destination, which shows the machine that receives it, the IP address and the domain name.
Check out this URL: http://www.lse.ac.uk/itservices/help/e-mailheader.htm for an example of what the different things in an e-mail header mean.
By learning how to identify what the header components are you can distinguish whether an e-mail is genuine or spoofed.
From May 2004 to November 2004 alone, Trend Micro registered a total of 9,709 phishing mails. July generated the most number of phishing mail incidence with 2,932 received samples, which is a huge leap from the total of 104 phishing mails recorded in May.
Most phishing attacks from May to November 2004 targeted Citibank, covering a little more than half of the entire phishing incidence recorded. Citibank has banking, lending, and investment services worldwide making it a prime target for these types of attack.
US Bank, one of the largest financial services holding companies in the United States, comes in second in the list of most targeted banks, with 21 per cent.
Suntrust (one of the largest commercial banking institutions in the US) and Ebay (an international online "marketplace") are next on the list with 10 per cent and 8 per cent, respectively.
Even in India, ICICI Bank, Citibank and other financial institutions have been targetted by 'phishers.'
A legitimate financial institution will never ask for details of your account via an e-mail. You must never e-mail financial information over the Internet as it is not a secure method for transmitting such sensitive information.