news | newsletter (signup) | wish list | polls
Traceroute           tracert                 downloads               domains                  hosting                  contacts
Phishing protection - Anti-Phishing

Phishing protection

Phishing protectionPhishing is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to acquire sensitive information such as passwords, account details, or credit card numbers.

eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users.

The term is a variant of fishing and alludes to the use of increasingly sophisticated baits used in the hope of a "catch" of financial information and passwords.

Tags:
  • Phishing protection
  • Anti-phishing
  • Identity theft
  • Email spoofing
  • Email fraud

More About Phishing

Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs (ie. www.paypall.com instead of www.paypal.com) or the use of subdomains are common tricks used by phishers, such as this example URL, http://www.yourbank.example.com/, which actually takes you to "example.com" instead of "yourbank". Another common trick is to make the anchor text for a link appear to be valid, when the link actually goes to the phishers' site. An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password (contrary to the standard). For example, the link http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com, whereas it actually directs the browser to a page on members.tripod.com, using a username of www.google.com: the page opens normally, regardless of the username supplied and usually mimics design of the original website. Such URLs were disabled in Internet Explorer, while Mozilla (Firefox) and Opera present a warning message and give the option of continuing to the site or cancelling. Phishers are also known for taking advantage of using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain.

Below is an example image of Firefox's anti-phishing feature and this is not the only advantage of having Firefox over other browsers either.

Phishing alert

Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites and e-mail. As already mentioned above, it is often integrated with web browsers (Mozilla Firefox) and email clients (Mozilla Thunderbird) or as a toolbar that displays the real domain name for the website the viewer is visiting, in an attempt to prevent fraudulent websites from masquerading as other legitimate web sites.

Phishing poses a serious threat to your personal and financial data, and you should do everything possible to protect yourself from it. A good web browser, some common sense and understanding of the problem should do the trick.



Anti-phishing