|You are here: Rediff Home » India » Get Ahead » Living|
Phishing or spoofing has been in the news recently, thanks to a number of online frauds that have hit the headlines. Chances are you have even received a few e-mails warning you not to disclose your bank details (such as your account number or online banking password) to what may seem like authentic bank e-mails.
Now while you may adhere to the instructions religiously for fear of losing your life's savings, you are probably not completely aware of what phishing is or how it can threaten your online identity, security and funds.
So, to help you understand the threat better, we present the most frequently asked questions when it comes to 'phishing'.
My friend sent me an e-mail asking me to be careful about e-mails from my bank? Why is that?
What your friend is cautioning you about a phenomenon called phishing (pronounced fishing). It's important that you become familiar with the term. Phishing is an online fraud perpetrated to steal your identity and gain access to sensitive information such as your online banking username and password, credit card details etc.
So how exactly does phishing work?
A phishing attack could take many forms. You may receive an e-mail seemingly from your bank asking you to click on a link and update your username and password as part of its maintenance.
Or you may get a similar e-mail from your credit card company asking for your credit card and CVV numbers and other details. Such e-mails are most likely to have been sent by fraudsters, who will capture the data you enter to misuse your bank accounts or credit card details.
Phising attacks are not restricted to financial information, and often extend to identity theft. Spear fishing is an e-mail spoofing scam intended to compromise your corporate accounts through an e-mail that looks to have come from a colleague.
So what could happen if I do fall for such a phishing attempt?
Several unsavoury things. For example, if you give out your credit card details, the phisher could use it to carry out fraudulent transactions on your card. Your online banking account can be similarly misused. Or you could end up on some e-mail marketer's list, and receive a lot of spam in your inbox, many of which may be malicious.
What are the ways in which you can fall for a phishing attempt?
There are lots of phishers out there thinking of diabolical new ways of deceiving you. The most common way of misleading users is by manipulating links. For instance, a malicious email purporting to be from your bank (let's say Feelgood Bank) may contain a link to www.feeelgoodbank.com (notice the extra 'e') instead of www.feelgoodbank.com. When you click on the former you are taken to a page that looks exactly like the real website, but actually belongs to a fraudster.
Another common trick is to try to deceive you with anchor text for a link. For instance, the email may encourage you to click on Feelgood Bank, only that the hyperlink leads to another totally different site, www.youvebeenconned.com.
Other ways of phishing are to invite you to participate in surveys for some monetary payment and e-mails telling you that you have won a lottery, to claim which you would have to enter some personal details.
Can I trust a web page if the URL looks legitimate?
Not really. Some phishers use images of legitimate URLs on your address bar. You might think it's the real McCoy and end up on the page of a fraudulent website. Some even hack a trusted website's code. The link may redirect to a fake site where everything from the URL to the security certificates may seem legitimate. This is very hard to detect.
There are many, many ways in which phishers can hook you. Eternal vigilance is the key to prevent phishing tragedies.
How can I avoid falling into the phishing trap?
Here are some simple dos and don'ts that can save you a lot of heartache.
|Email | Print | Get latest news on your desktop|
|© 2008 Rediff.com India Limited. All Rights Reserved. Disclaimer | Feedback|