A phishing technique was described in detail as early as 1987, while the first recorded use of the term "phishing" was made in 1996. Phishing is the process of attempting to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by hidden as a trustworthy entity in an electronic communication. Malware and pharming are the common tools which use for steal information.
Phishing is an e-mail fraud method in which the phisher sends out legitimate-looking email in an attempt to gather personal and financial information from recipients.
The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss. This style of identity theft is becoming popular, because of the readiness with which unsuspecting people often disclose personal information to phishers, including credit card numbers. Once this information is acquired, the phishers can use the victim’s details to create a fake account to debt, use their credit to buy valuable goods.
Since phishing is based on simulate, preventing it depends on some reliable way to determine a website's real identity. People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified”, it is a sensible precaution to contact the company to check whether the e-mail is legitimate.
The legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. Some companies, for example PayPal, always address their customers by their username in e-mails, so if an e-mail addresses the recipient in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at phishing or E-mails from banks and credit card companies often include partial account numbers.
Preventions method
· There are provided a phishing-prevention method capable of preventing phishing-related accidents from which an Internet user suffers and storage medium storing a computer program source for executing the method
· People can be trained to have their suspicion aroused if the message does not contain any specific personal information. However, used personalized information, which makes it unsafe to assume that the presence of personal information alone guarantees that a message is legitimate. .
· When a user attempts an access to a specific website through an e-mail and a web browser or inputs his/her own personal information directly in e-mail or the like to transmit the related information to outside, the website to be accessed of a specific server is analyzed in order to warn the user in advance so that the user can select whether to actually access thereto, prior to accessing to the website, if it is in danger.
· When the user attempts an access to a website similar to a famous or known website address, the method of the present invention warns the user of a possibility that will be a phishing website so that the user can select whether to actually access thereto.
· When the user makes use of the function of inputting personal information directly in e-mail to transmit the related information directly to a specific server, the method of the present invention transfers a warning therefore to the user so that the user can select whether to actually transmit the related information.
In making all the warnings and the user's selections, familiar and easily-expressed information associated with the website is provided to the user for correct judgment.
Blog Archive
-
▼
2008
(24)
- ► 29 Jun - 6 Jul (5)
- ► 22 Jun - 29 Jun (5)
- ▼ 15 Jun - 22 Jun (6)
- ► 8 Jun - 15 Jun (5)
- ► 1 Jun - 8 Jun (3)
Wednesday, June 18, 2008
Phishing
Posted by kinki at 5:05 PM
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment