Phishing is the attempt to acquire sensitive
information such as usernames, passwords, and credit card details etc often for malicious reasons, by
masquerading as a trustworthy entity in an electronic communication.
For some time now, facebook users began receiving an alarming email warning. "For security reasons, your account will be disabled permanently," said the email. To confirm your identity, the mail instructed users to click on a link and log into what looked like a real Facebook page. But this email had nothing to do with Facebook. It was a phishing (pronounced “fishing”) scam, a form of identity theft in which hackers use fraudulent websites and fake emails to attempt to steal your personal data, especially passwords and credit card information. Phishing scammers send emails that appear to come from trustworthy sources such as a social media website or a financial service provider, and tell you that they need you to follow certain links in order to rectify some problem. Then they steal your data as you enter it, lock you out, and begin using your account to send more scam messages in your name.
Phishing attacks are happening everywhere. Online security firm Kaspersky Labs says it repelled nearly 800 billion attacks in 2015, almost 2 million of which were attempts to steal money from online bank accounts. According to Fraudwatch International, a global online fraud protection service, some of the recent phished sites included Bank of America, PayPal, Chase Bank and Apple Store. Typical fake email alerts: “Westpac Bank—Your Account Has Been Blocked,” or “Apple Store—About your last Transaction.”
For some time now, facebook users began receiving an alarming email warning. "For security reasons, your account will be disabled permanently," said the email. To confirm your identity, the mail instructed users to click on a link and log into what looked like a real Facebook page. But this email had nothing to do with Facebook. It was a phishing (pronounced “fishing”) scam, a form of identity theft in which hackers use fraudulent websites and fake emails to attempt to steal your personal data, especially passwords and credit card information. Phishing scammers send emails that appear to come from trustworthy sources such as a social media website or a financial service provider, and tell you that they need you to follow certain links in order to rectify some problem. Then they steal your data as you enter it, lock you out, and begin using your account to send more scam messages in your name.
Phishing attacks are happening everywhere. Online security firm Kaspersky Labs says it repelled nearly 800 billion attacks in 2015, almost 2 million of which were attempts to steal money from online bank accounts. According to Fraudwatch International, a global online fraud protection service, some of the recent phished sites included Bank of America, PayPal, Chase Bank and Apple Store. Typical fake email alerts: “Westpac Bank—Your Account Has Been Blocked,” or “Apple Store—About your last Transaction.”
The Economic and Financial Crimes Commission, EFCC, in 2015 arrested three suspected internet fraudsters who are part of a syndicate over allegations of
conspiracy, internet scam and stealing from one of the new generation
banks to the tune of N806, 208,000.00 (Eight Hundred and Six Million Two
Hundred and Eight Thousand Naira). Forty others are still at large.
Internet
Service Providers (ISPs) are also now among scammers’ favorite phishing
targets, surpassing the banking and financial services sectors during
the first three quarters of 2015, reports the non-profit Anti-Phishing Working Group
(APWG). Phishers like to break into ISP accounts so that they can send
spam from those user accounts. ISP accounts can also contain other
things that phishers want: personal identity information, credit card
details, and access to domain name and hosting management.
The Best Defense/Protection
How can you protect yourself against phishing lures? Here's some advice:
- If
you aren’t 100 percent certain of the sender’s authenticity, don’t
click on attachments or embedded links; both are likely to result in
malware being installed. Instead, open a new browser window and type the
URL directly into the address bar. Often a phishing website will look
identical to the original, so check the address bar to confirm the
address.
- Similarly,
never submit confidential information via forms embedded in or attached
to email messages. Senders are often able to track all of the
information you enter.
- Be
wary of emails asking for financial information. Emails reminding you
to update your account, requesting you to send a wire transfer, or
alerting you about a failed transaction are compelling. However,
scammers count on the urgency of the message to blind you to the
potential for fraud.
- Don’t
fall for scare tactics. Phishers often try to pressure you into
providing sensitive information by threatening to disable an account or
delay services until you update certain information. Contact the
merchant directly to confirm the authenticity of the request.
- Be suspicious of social media invitations from people you don’t know. According to Kaspersky Lab research,
over one in five phishing scams target Facebook. Phishers rely on your
natural curiosity to click on the person’s profile “just to find out who
it is.” However, in a phishing email, every link can trigger malware,
including links that appear to be images or even legal boilerplate;
scammers use your hijacked account to send spam to your friends, because
spam from real accounts is more believable than spam from a fake
account.
- Watch
out for generic-looking requests for information. Many phishing emails
begin with “Dear Sir/Madam.” Some come from a bank with which you don’t
even have an account.
- Ignore emails with typos and misspellings. Recent real examples targeting TurboTax include ”Your Change Request is Completeed” and “User Peofile Updates!!!”.
- Update and maintain effective software to combat phishing. Reliable anti-virus or internet security software should also automatically detect and block fake websites, as well as authenticating the major legitimate banking and shopping sites. So keep your antivirus software updated and run complete virus scans regularly.
Mobile
device users should be especially vigilant. Scammers increasingly
design mobile-friendly pages; what’s worse, many browsers hide the web
address bars, so it can be even more difficult to spot scams on a mobile
device.
No comments:
Post a Comment