You are probably a member of an online financial services provider or a respected Internet auction house. Have you ever received e-mail from them?
It seems reasonable for these legitimate companies to send you an e-mail asking you to "verify" or "update" information that you previously provided when you did business with them. Right?
If the recipient responds to what they think is a real request (it isn't), that is where "phishing" starts.
What is Phishing?
The person who creates a phishing site (the phisher) clones 100% of the original legitimate company's website (including the logo) for you to click on.
"Phishing" tricks you into revealing valuable personal information by using fraudulent e-mails and copy-cat websites. The information includes user IDs for banking, securities, mortgage, or credit accounts, and the passwords used when accessing online financial services providers. The GD scammers who collect this information then use it to steal your money, your identity, or both.
Below are very familiar, trusted and legitimate companies cloned by scammers.
- PayPal = You click, you pay.
- eBay = Epay
How Do Phishers "Get" You?
When fraudsters go on "phishing" expeditions, they lure their targets into a false sense of security by hijacking the familiar, trusted logos of legitimate companies. A typical phishing scam begins when a phisher sends out millions of e-mails that appear to come from a high-profile financial services provider or a respected Internet auction house. The phishing e-mail will usually ask you to provide valuable information about yourself or to "verify" information that you previously provided when you established your online account. To maximize the chances that a recipient will respond, the fraudster usually employs one or more of the tactics in the following list.
Tactics used in Phishing Fraud
- Names of Real Companies—Rather than create a phony company from scratch, phishers often use a legitimate company's name and incorporate the look and feel of its website (including the color scheme and graphics) into the phishy e-mail.
- "From" an Actual Employee—The "from" line or the text of the message (or both) might contain the names of real people who actually work for the company. That way, if you contacted the company to confirm whether "Jane Doe" truly is "VP of Client Services," you'd get a positive response and feel assured.
- URLs that "Look Right"—The e-mail might include a convenient link to a seemingly legitimate website where you can enter the information the phisher is planning to steal. But in reality, the website will be a quickly cobbled copy-cat—a "spoofed" website that looks like the real thing. In some cases, the link might lead to select pages of a legitimate website—such as the real company's actual privacy policy or legal disclaimer.
- Urgent Messages—Many fraudsters use fear to trigger a response, and phishers are no different. In common phishing scams, the e-mails warn that failure to respond will result in account access denial. Other phishing e-mails might claim that the company has detected suspicious activity in your account or that it is implementing new privacy software or identity theft solutions.
The Example (Real) Phishing letter:
From: Google Adwords-noreply [mailto:adwords-noreply@google.com]
Sent: Saturday, March 22, 2008 9:40 AM
To: XXXXXXXXXXXX
Subject: [Released by Allow List] Please Update Your Billing Information
————————
Dear Google AdWords Customer!
In order to update your billing information, please sign in to your AdWords account at https://adwords.google.com , and update your billing information. Your account will be reactivated as soon as you have entered your payment details. Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on our location. If you choose bank transfer, your ads will show as soon as we receive your first payment. (Payment options vary by location.)
Thank you for choosing AdWords. We look forward to providing you with the most effective advertising available.
Sincerely,
The Google AdWords Team
————————
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions after following the steps above, please visit the Google AdWords Help Center at https://adwords.google.com/support/bin/topic.py?topic=8336
Google's (AdWords owner) response:
From: XXXXX [mailto:XXXXXXXXX@google.com]
Sent: ***day, **** 24, 2008 3:** PM
To: XXXXXXXXXXXXX
Subject: Re: [#25595532] [Released by Allow List] Please Update Your Billing Information
Hi XXXXXXXX,
This appears to be a ‘spoofing’ email sent to some AdWords advertisers recently. ‘Spoofing’ refers to the act of fraudulently altering certain properties of an email to make it appear as though it originated from a legitimate source. The email can then lead to a deceptive website which collects sensitive personal information. In this case, the email may have appeared to be from Google AdWords, asking for your account login information. Please do not respond to these emails.
Google is not responsible for nor are we able to monitor the actions of other parties. However, we are very committed to ensuring the safety and security of our users and our advertisers, and we take issues of fraud seriously. Moreover, we’ve dedicated a number of resources towards preventative measures, such as the Google Safe Browsing extension for Firefox. You can find more information about this feature at http://www.google.com/tools/firefox/safebrowsing/.
Here are some steps you can take to ensure the security of your account:
* Be wary of unsolicited messages. Google will never send unsolicited messages asking for your password or other sensitive information. If you need to change your account information, such as your billing details or your password, always sign into your AdWords account from https://adwords.google.com and make the changes directly within your account.
* Check the message headers. The ‘From:’ address and the ‘Return-path’ should reference the same source.
* Make sure the URL is legitimate. The AdWords homepage URL will always be https://adwords.google.com.
* Change your Google Account password frequently. To learn how, visit https://adwords.google.com/support/bin/answer.py?answer=24828.
* Report suspicious messages to adwords-charge@google.com.
* Keep your computer’s antivirus and spyware protections up to date and regularly run system scans.
If you believe your Google AdWords account may have been compromised, please let us know so that we can initiate an investigation.
Best,
XXXXXXXXXX
——————
XXXXXX
Account Associate
National Agency Team
How to Protect Yourself from Phishing
The best way you can protect yourself from phony phishers is to understand what legitimate financial service providers and respectable online auction houses will and will not do. Most importantly, legitimate entities will not ask you to provide or verify sensitive information through a non-secure means, such as e-mail.
Six Simple Anti-Phishing Guidelines
Follow these guidelines to protect yourself from phishing:
- Pick Up the Phone to Verify - Do not respond to any e-mails that request personal or financial information, especially ones that use pressure tactics or prey on fear. If you have reason to believe that a financial institution actually does need personal information from you, pick up the phone and call the company yourself—using the number in your rolodex, not the one the e-mail provides!
- Do Your Own Typing - Rather than merely clicking on the link provided in the e-mail, type the URL into your web browser yourself (or use a bookmark you previously created). Even though a URL in a phishing e-mail may look like the real deal, phishers can mask the true destination.
- Beef Up Your Security - Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must-have for those who engage in online financial transactions. Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption. You can tell if a page is secure in a couple of ways. Look for a closed padlock in the status bar, and see that the URL starts with "https" instead of just "http."
Security Tip: Some phishers make spoofed websites which appear to have padlocks. To double-check, click on the padlock icon on the status bar to see the security certificate for the site. Following the "Issued to" in the pop-up window you should see the name matching the site you think you're on. If the name differs, you are probably on a spoofed site.
- Keep Your Computer Clean - Surfing the Internet causes personal information to be stored on your computer. The easiest way to keep your computer clean from this clutter is to use a computer cleaning tool, like SecureClean.
- Read Your Statements - Don't toss aside your monthly account statements! Read them thoroughly as soon as they arrive to make sure that all transactions shown are ones that you actually made, and check to see whether all of the transactions that you thought you made appear as well. Be sure that the company has current contact information for you, including your mailing address and e-mail address.
- Spot the Sharks—Visit the website of the Anti-Phishing Working Group at http://www.antiphishing.org/ for a list of current phishing attacks and the latest news in the fight to prevent phishing. There you'll find more information about phishing and links to helpful resources.
What to Do if You Run into Trouble with Phishing
Always act quickly when you come face to face with a potential phishing scam, especially if you've lost money or believe your identity has been stolen.
- Phishing E-mails—If a phishing scam rolls into your e-mail box, be sure to tell the company right away. You can also report the scam to the FBI's Internet Fraud Complaint Center at http://www.ifccfbi.com/. If the e-mail purports to come from a brokerage firm or mutual fund company, be sure to pass along that tip to the SEC's Enforcement Division by forwarding the e-mail to enforcement@sec.gov.
- Securities Scams—Before you do business with any investment-related firm or individual, do your own independent research to check out their background and confirm whether they are legitimate. For step-by-step tips and links to helpful websites, please read Check Out Brokers and Advisers and SIPC Exposes Phony "Look-Alike" Web Site. Report investment-related scams to the SEC using the SEC's online Complaint Center.
Edited By: Internet scam blog
Info Sources: Internet.