TechChase

How to Avoid Phishing Scams

I know this post is too lengthy, but it’s very useful in day-to-day Internet surfing. Rather than getting fooled by some phishing activity, it is better to know what phishing is. This kind of crime can happen to anyone. I have a real-life incident of phishing with my very close friend ‘Sagar’, who was robbed of 6000 RS three years back by some unknown person pretending to be an employee of ONGC and claiming there was an opening at ONGC for an engineer post. I am very sorry, Sagar, for sharing our experience with everyone, but awareness can help someone.

What is Phishing

Phishing is the act of sending an e-mail to a user, falsely claiming to be an established legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, social security and bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the user’s information.

Just as I was writing this post, I received an email from one of my colleagues which is a very good example of phishing… Just keep reading…


Phishing Email:-

This was a mail received from the HDFC Bank telling me to upgrade my internet banking site.
I was not aware that this was a fraudulent mail, a trap to take away all my money from my bank account…

[Image: Phishing email]

Once I clicked on this link http://www.hdfcbank.com/upgrade it took me to the site http://akahdfc.net/hdfcbank/verification/netbanking/index.htm?……..

It asked for my User ID and the Password. I gave my user ID and password and clicked the login button. Later I got a message: Thank you for Upgrading.
And today morning I see that all the money in my account has been transferred to an unknown account using Third-party transfer (TPT) without my knowledge.
Hence I contacted the customer care and the transaction is under investigation.
So please be aware of such fraud mails; do not upgrade the site… There is nothing like upgrading your HDFC site.

How to Avoid Phishing Scams

The number and sophistication of phishing scams sent out to consumers are continuing to increase dramatically. While online banking and e-commerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams.

The following graph shows the number of phishing websites increasing day by day.

[Image: Phishing graph]

  • Be suspicious of any email with urgent requests for personal financial information
      • unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
      • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
      • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
      • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
      • instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
      • you should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
      • Phishers are now able to ‘spoof,’ or forge BOTH the “https://” that you normally see when you’re on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
      • Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a ‘safe’ site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.

Remember not all scam sites will try to show the “https://” and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like “http://www.gotyouscammed.com/paypal/login.htm?” Be aware of where your browser navigation is going.
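
The habit described above (compare what a link displays with where it really goes) can also be checked mechanically on an HTML email. This is an added example, not part of the original post: the `TRUSTED` set and the function names are assumptions, the sample HTML is constructed from the two addresses quoted on this page, and the simple suffix match stands in for a proper registrable-domain comparison.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader really uses (suffix match, no Public Suffix List).
TRUSTED = {"hdfcbank.com", "paypal.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED}
# Constructed sample built from the two addresses quoted on this page.
SAMPLE = """<a href="http://akahdfc.net/hdfcbank/verification/netbanking/index.htm">http://www.hdfcbank.com/upgrade</a>
<a href="http://www.gotyouscammed.com/paypal/login.htm">Log in to PayPal</a>
<a href="https://www.hdfcbank.com/">www.hdfcbank.com</a>"""

def host_of(text):
    """Hostname if text is a bare URL or domain, else None (ordinary link text)."""
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:  # malformed "[...]" host and similar
        return None
    ok = host and "." in host and not any(c.isspace() for c in text)
    return host.lower() if ok else None

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # (href, visible text) pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, read only at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    collector = LinkCollector()
    collector.feed(html)
    findings = []  # (target host, [reasons]) for each suspicious link
    for href, text in collector.links:
        real, shown, reasons = host_of(href), host_of(text), []
        if shown and shown != real:  # the text looks like an address but points elsewhere
            reasons.append("displayed address differs from link target")
        if real and not is_trusted(real) and any(b in href.lower() for b in BRANDS):
            reasons.append("brand name in URL, but host is not the brand's domain")
        if reasons:
            findings.append((real, reasons))
    return findings
```

Calling `audit_links(SAMPLE)` flags the first two links and leaves the genuine one alone; a link that passes this check is not thereby proven safe.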

  • Consider installing a Web browser toolbar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
  • The newer Internet Explorer version 8 includes this toolbar, as does Firefox 3.5
  • Use the KeyScrambler Personal plugin for Firefox
  • Check whether any keylogger is installed on the computer if you are not using your own computer.
  • Treat a website with suspicion if your browser shows Web Forgery alerts
  • EarthLink ScamBlocker is part of a browser toolbar that is free to all Internet users – download at http://www.earthlink.net/earthlinktoolbar
  • Regularly log into your online accounts; don’t leave it for as long as a month before you check each account
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate. If anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers.
  • Ensure that your browser is up to date and security patches are applied
  • Always report “phishing” or “spoofed” e-mails to the following groups:
      • forward the email to reportphishing@antiphishing.org
      • forward the email to the Federal Trade Commission at spam@uce.gov
      • forward the email to the “abuse” email address at the company that is being spoofed (e.g. “spoof@ebay.com”)
      • when forwarding spoofed messages, always include the entire original email with its original header information intact
      • notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/

One Response to “How to Avoid Phishing Scams”

    1. Yeah… seems this site is very cool… everyone should get meaning from this site… what they are telling us… really cool… Thanks… ASHISH B Bro… and to SANDEEP D
