Wednesday, August 31, 2011

Don't Get Trapped in this Phishing Net....

Some Light on Phishing so that you don't get trapped Phishing is a hot terminology over the net users these days. Infact, it is a point of major concern for internet users. Every now and then you will find a mail in your mailbox from a valid ID of your mail services (Hotmail, Yahoo … etc.) or your bank (Citibank… etc.) telling you about the changes in your account as requested or the request for verification for your account by confirming your password, Internet pin number etc. 


This all will appear very genuine and original to you. It is more like a fake note printed & designed so cleverly (and perfectly ofcourse) that you will never doubt that it is not original. Don’t get trapped in this, as this is all fake, dubious and forged. I get a mail frequently from my bank that to avoid frauds over the internet they are verifying the passwords on their site to confirm user’s identity. 


Similarly time to time I get an email from Yahoo that my request for change of password, and I must verify it within next 24 hours to validate it else it will get suspended. In both the cases I get a genuine a hyperlink mentioning the address of Citibank / Yahoo on which I am supposed to click so as to reach to their site and validate myself. Now the moment you click on the link, you reach to the same looking home page looking as original as my bank / or mail service provider site. I am supposed to enter my I-Pin / password to confirm that I am the actual account holder, and the moment I enter the requested details I have opened the door for a disaster. 


The catch is the address on the top which will be not the same as I would have thought of. But then who cares to look at the address when the home page is totally as good as the original or genuine one. For example the link in my mail will tell me to click on the address http://www.citibank.co.in/verify_user/ and when I click on it, it will open a new browser with the same original contents but the address on the top will be something different (may look as the one on which I clicked in first instance) like http://www.citibnk.co.in/verify_user or http://www.citibank.cc/verify_user. What should I do Well, being an IT guy, I was careful enough, but there are innumerous users who got trapped by providing the requested information and then had fraudulent impact on their accounts. 


Your all important mails will be accessible, your bank account is accessible, and imagine the things will be known to you only after they have happened successfully by the person you never know or will ever come to know. What is it?You are the fish and somebody doing it has put the bait in the pond of internet. The moment you bite the bate, your identity is stolen and you have invited all kind of hassles and problems. What exactly happens? The phisher will create email that looks as an official email from your bank or email service provider (or from any other important site where you have an account and any kind of commercial fraud or defamation can occur). 


This email will ask you to visit their site through the link they provide which again will look official and accurate. And when you click on that you are told to enter all your personal information for verification purposes. You just have handed over you’re the desired information to a Thief. Catch here is that no business will ask or should ask for your private information via email or internet. Another catch is the link they ask you to click on. It will look as if it links you to your bank but will go entirely to some other place. 


Third catch is if you keep your mouse over the link, you will see the exact place where it is directing to you in the popup text (or in the browser’s status line at the bottom when you have clicked on it and that browser has opened). Be careful to check that the actual destination should match (alphabet by alphabet) what you are expecting. Take care that the actual destination should be a proper name and not an IP address like http://66.55.133.9. Moreover this link should always direct you to a secure site (https and not http). Only avoiding way is never to click on the link. Still if you want to give it a try, type the complete address stated in your mail with your hands and you will find no information is being asked there. Or straightaway call your bank to inquire if they are the sender of this mail. thanks Ĵẫїďẻếþ ©

No comments: