Insight of E-commerce

Phishing: Examples and its prevention methods.

What is phishing?

Phishing (pronounced “Fishing”) is an online fraud technique used by criminals to entice you to disclose your personal information. Phishing is the fastest rising online crime method used for stealing personal finances and perpetrating identity theft.

Phishers use many different tactics to lure you, including e-mail and Web sites that mimic well-known, trusted brands. A common phishing practice involves "spamming" recipients with fake messages that resemble a valid message from a well-known Web site or a company that the recipients might trust, such as a credit card company, bank, charity, or e-commerce online shopping site. The purpose of fake messages is to trick consumers into providing their personal information such as: name and username, address and phone number, password or PIN, bank account number, ATM/debit or credit card number and etc.

Criminals use this information in many ways for financial gain. For example, a common practice is identity theft, whereby the criminal steals your personal information, takes on your identity, and can then do the following:

• Apply for and get credit in your name.
• Empty your bank account and max out your credit cards.
• Transfer money from your investment or credit line accounts into your checking account, and then use a copy of your debit card to withdraw cash from your checking account at ATMs around the world.

Example of phishing:

Citibank phishing scam

eBay phishing scam

IRS Tax Refund scam

How to prevent phishing?

1. Never reply to e-mail messages that request your personal information

Be very suspicious of any e-mail message from a business or person that asks for your personal information — or one that sends you personal information and asks you to update or confirm it. Instead, use the phone number from one of your statements to call and do not call a number listed on the e-mail message. Similarly, never volunteer any personal information to someone who places an unsolicited call to you.

2. Use strong passwords and change them often

If your account allows them, strong passwords combine uppercase and lowercase letters, numbers, and symbols, which make them difficult for other people to guess. Don't use real words. Use a different password for each of your accounts and change them frequently. It's hard to remember all those passwords. For tips on creating strong passwords and how to remember and store passwords securely, see creating stronger passwords.

3. Don't send personal information in regular e-mail messages

Regular e-mail messages are not encrypted and are like sending a post card. If you must use e-mail messages for personal transactions, use Outlook to digitally sign encrypt messages by using S/MIME: Secure Multipurpose Internet Mail Extensions (S/MIME) is a specification for secure e-mail messages security. MSN, Hotmail, Outlook Express, Microsoft Office Outlook Web Access, Lotus Notes, Netscape, and Eudora all support S/MIME security.

4. Don't click links in suspicious e-mail

Don't click a link contained in a suspicious message. The link might not be trustworthy. Instead, visit Web sites by typing their URL into your browser or by using your Favorites link. Do not copy and paste links from messages into your browser.

5. Do business only with companies you know and trust

Use well-known, established companies with a reputation for quality service. A business Web site should always have a privacy statement that specifically states that the business won't pass your name and information to other people.

6. Make sure the Web site uses encryption

The Web address should be preceded by https:// instead of the usual http:// in the browser's Address bar. Also, double-click the lock icon on your browser's status bar to display the digital certificate for the site. The name that follows Issued to in the certificate should match the site that you think you're on. If you suspect that a Web site is not what it should be, leave the site immediately and report it. Don't follow any of the instructions it presents.

7. Help protect your PC

It is important to use a firewall, keep your computer updated, and use antivirus software, especially if you connect to the Internet through a cable modem or a digital subscriber line (DSL) modem.

8. Monitor your transactions

Review your order confirmations, credit card and bank statements as soon as you receive them to make sure that you're being charged only for transactions you made. Immediately report any irregularities in your accounts by dialing the number shown on your account statement. Using just one credit card for online purchases makes it easier to track your transactions.

9. Use credit cards for transactions on the Internet

In most locales, your personal liability in case someone compromises your credit card is significantly limited. By contrast, if you use direct debit from your bank account or a debit card, your personal liability frequently is the full balance of your bank account. In addition, a credit card with a small credit limit is preferable for use on the Internet because it limits the amount of money that a thief can steal in case the card is compromised. Better yet, several major credit card issuers are now offering customers the option of shopping online with virtual, single-use credit card numbers, which expire within one or two months. For more details, ask your bank about perishable virtual credit card numbers.