This morning I received another of those “You have won a lottery!” mails.
This made me realize that cyber criminals will continue to try baiting unsuspecting net users, and so I should periodically remind my readers to how to stay off the Scammers net. So let’s talk about “Phishing” today.
What is Phishing?
According to McAfee Security Tips, “Phishing are scams that attempt to acquire confidential information such as credit card numbers, personal identity data, and passwords by sending out emails that look like they come from real companies or trusted individuals.”
The common phishing mails usually involve communications regarding the winning of a lottery; the imminent closure of bank account; order confirmation; verification of billing information and return of excess payments made to the tax dept.
Usually scammers send the mails to many victims, whose e-mail ids they might have harvested from the net, hoping that at least some will fall prey to their trap and click on a malicious link or open a malicious attachment.
I have provided snapshots of two very common types of phishing mail, courtesy Hoax-slayer:
This email was sent by the Citibank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/Debit Card number and PIN that you use on ATM. This is done for your protection – because some of our members no longer have access to their email addresses and we must verify it.
To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL), copy and paste the link into the address bar of your web browser.
Thank you for using Citibank!
Dear MSN Customer,
During one of our regular automatical verification procedures we’ve encountered a technical problem caused by the fact that we could not verify the information that you provided during registration.
We urgently ask you to submit your information so that we could fully verify your identify, otherwise an access to MSN services for your account will be deactivated until you pass verification process.
To submit your information please use our secure online application – apply here (LINK REMOVED).
Thank you for using our services, MSN Payment Processing Department.
Watch out for these signs of a phishing mail, courtesy Microsoft Safety & Security Center:
Ever wondered what scammers do with your information?
- Access your bank account: They harvest your passwords, user names and other details and directly access your account. After that, they can easily transfer funds, conduct transactions etc. They can also change the password and lock you out of your own account
- Use your credit card: Similarly, once they get you to share your credit card details including expiry date and user name, they can carry out transactions and charge it to your account
- Steal your identity: If you have been naïve enough to offer details like PAN number, bank account and credit card details, the scammer will find it very easy to create a profile using your details. Thy can use this profile or sell it to others for various criminal reasons. It will take months or even years to resolve legal issues, clear your name and pay off debts
If you receive a suspicious message that looks like a phishing mail:
- Delete the mail, without clicking on the links or opening attachments
- Don’t enter personal or financial information into pop-up windows
- Type addresses directly into your browser or use your personal bookmarks. Don’t use links in e-mails to access netbanking facilities
- If in doubt it is better to contact the company or individual directly
- Don’t wire money to friends supposedly stranded in foreign countries without first confirming with him/her or others
- Don’t share bank details with any online seller/employer without proper verifications
What if you accidentally get “phished”?
- Change email id and password
- Inform your bank immediately
- Inform all your friends so that the scammer can’t touch them by sending mails from your account
- File a report with the nearest cybercrime cell if your bank details get stolen
How to safeguard yourself against phishing attacks
- Use a comprehensive internet security software that includes advanced ant-phishing software
- Periodically change your passwords/log in id
- Keep spam filter “on” while accessing the net
- Always report spams
- Carry out transactions from secure sites that have the ‘padlock’ symbol, begins with https//: and is certified to be ‘visa secure’
For further details, please visit: