Difference between revisions of "Phishing"

From WOT Wiki
m
Line 2: Line 2:
 
'''Phishing''' is the term used to describe the process of attempting to fraudulently acquire confidential information such as user-names, passwords and credit card numbers by pretending to be a trusted organization that the user recognizes.
 
'''Phishing''' is the term used to describe the process of attempting to fraudulently acquire confidential information such as user-names, passwords and credit card numbers by pretending to be a trusted organization that the user recognizes.
  
Phishing is usually carried out using e-mail or instant-messaging services, and pretend to be from an organization that is well known to the user, such as a bank, online payment processor (e.g. PayPal), auction site (e.g. eBay), social networking site (e.g. Facebook) or even the IT administrator of their employer or ISP. These phishing communications will typically direct users to enter their details at a fake website which bears a strong resemblance to the website of the organization they are masquerading as.
+
Phishing is usually carried out using e-mail or instant-messaging services, and pretend to be from an organization that is well known to the user, such as a bank, online payment processor (e.g. PayPal), auction site (e.g. eBay), social networking site (e.g. Facebook), or even the IT administrator of their employer or ISP. These phishing communications will typically direct users to enter their details at a fake website which bears a strong resemblance to the website of the organization they are masquerading as.
 +
 
 +
 
 +
 
 +
 
 +
== Dangers of Phishing ==
  
 
If a user enters details into a Phishing website, such as their user-name, password, or other confidential information, it will most likely be used by criminals to steal their identity.
 
If a user enters details into a Phishing website, such as their user-name, password, or other confidential information, it will most likely be used by criminals to steal their identity.
 +
 +
 +
== How to Protect yourself fro Phishing ==
 +
 +
    * Have good email habits—do not respond to the links in an unsolicited email, instant message or chat
 +
    * Do not open attachments from unsolicited email
 +
    * Protect your passwords and don't reveal them to anyone
 +
    * Do not give sensitive information to anyone—on the phone, in person or through email—unless you are sure that they are who they claim to be and that they should have access to the information
 +
    * Check a website's security before sending sensitive information over the Internet
 +
    * Look at the site's URL. In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
 +
    * Install and maintain anti-virus software, firewalls, and email filters to reduce [[Spam]]
 +
    * Keep your browser up-to-date and apply security patches
 +
    * Consult the WOT scorecard to find out if the site has appeared on phishing blacklists
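
Review bot: The added heading "== How to Protect yourself fro Phishing ==" misspells "from" as "fro" and capitalises "Protect" but not "yourself"; suggest "== How to Protect Yourself from Phishing ==". The edited opening paragraph still reads "and pretend to be from an organization", which has no plural subject to agree with, and this revision only adds a comma after "(e.g. Facebook)". The new list items also begin with spaces before the asterisk, which wiki markup renders as preformatted text rather than a bullet list, so the leading whitespace should be dropped.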

Revision as of 02:56, 12 March 2010

A typical phishing email

Phishing is the term used to describe the process of attempting to fraudulently acquire confidential information such as user-names, passwords and credit card numbers by pretending to be a trusted organization that the user recognizes.

Phishing is usually carried out using e-mail or instant-messaging services, with messages that pretend to be from an organization that is well known to the user, such as a bank, online payment processor (e.g. PayPal), auction site (e.g. eBay), social networking site (e.g. Facebook), or even the IT administrator of their employer or ISP. These phishing communications will typically direct users to enter their details at a fake website which bears a strong resemblance to the website of the organization they are masquerading as.



Dangers of Phishing

If a user enters details into a phishing website, such as their user-name, password, or other confidential information, that information will most likely be used by criminals to steal their identity.


How to Protect Yourself from Phishing

   * Have good email habits—do not respond to the links in an unsolicited email, instant message or chat
   * Do not open attachments from unsolicited email
   * Protect your passwords and don't reveal them to anyone
   * Do not give sensitive information to anyone—on the phone, in person or through email—unless you are sure that they are who they claim to be and that they should have access to the information
   * Check a website's security before sending sensitive information over the Internet
   * Look at the site's URL. In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
   * Install and maintain anti-virus software, firewalls, and email filters to reduce Spam
   * Keep your browser up-to-date and apply security patches
   * Consult the WOT scorecard to find out if the site has appeared on phishing blacklists