Phishing And How To Block It...
Part 1


The best way to understand phishing and how to block it is for Internet users to become aware of the techniques used for phishing.

This means that phishing ploys can be easily recognized, so either action can be taken or the phishing email simply deleted with no harm done.

Besides knowing about techniques open to phishers, there is additional help available from software for detection and protection... and much of it is FREE.

So, armed with the knowledge and tips in these two articles, you'll find that you are easily able to spot those phishing emails and deal with them confidently to guard privacy.

Here's what we'll be covering in Part 1...

  1. What Is Phishing?
  2. Phishing Techniques
  3. Practical Tips
  4. Supporting Articles

1. Phishing And How To Block It... What Is Phishing?

Phishing is the name given to the technique of stealing personal information from Internet users. The information phishers want is usernames, passwords, account numbers, credit card numbers and social security numbers.

And why do they want this information? Usually to commit identity theft or fraud... in other words, to either withdraw or spend your money or to use your identity to set up loan accounts and credit cards to spend money in your name. Often, these fraudulent purchases are put up for resale and the personal data can also be sold on to others.

"Social Engineering"

A phisher's success is achieved using "social engineering". For phishing, this means lulling the recipient into a false sense of security with emails and websites that appear trustworthy and which convince the recipient that it's okay to provide the information requested.

Generally, these emails look as if they were sent by banks or other financial institutions and give a plausible reason for requesting the personal information.

The phishing attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate Websites.

Often the recipient is asked to click on a link in the email which leads the user to a cloned, counterfeit website. It's here that the victim -- thinking they are at a genuine website -- then enters their username, password, account number etc.

The phisher then uses the information to visit the victim's real account!


2. Phishing And How To Block It... Techniques Phishers Use

Here are some of the ways phishers attempt to give the appearance that their emails and the websites linked to those emails are genuine...

I. Phishing And How To Block It... Amended URLs

Pay attention to the URL (Uniform Resource Locator), or address, of a web site link included in the email and the email address itself. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain, such as '.net' instead of '.com'...

An example of a slight difference in spelling could be www.mybankk.com, where an extra letter has been added. Another variation is the addition of an extra word, like 'online' -- www.mybankonline.com.

Also popular is the use of subdomain names, like www.mybank.com.name.com and www.mybank.com@name.host.com. These examples could fool someone into believing that the email has been generated by 'mybank', whereas in the first 'mybank.com' is merely a subdomain of name.com, and in the second 'www.mybank.com' is just a username in a completely different address whose real host is name.host.com.

II. Phishing And How To Block It... Floating Window JavaScript

This trick is used extensively by phishers. When victims click on a link to a website in the phishing email, they are taken to a site which uses a JavaScript program to cover the actual URL in the address window with the image of a fake one.

So, although you may see the address of the authentic site in the window, it is actually a fake site. This technique of using a false URL is known as 'spoofing'.

III. Phishing And How To Block It... Spyware Infection

By clicking on links in spam and phishing emails, we also run the risk of downloading Trojan horse spyware. This malware can copy our bank's webpage, and when we type the actual address of our bank into our browser, it redirects us to a fake page that requests our account number, password, etc.

IV. Phishing And How To Block It... Security Holes In Browsers

Internet Explorer (IE) has frequent security vulnerabilities, which are used by phishers and other cybercrooks. Without IE security updates -- also known as patches -- to fix these vulnerabilities, you can fall prey to fake and cloned websites.

V. Phishing And How To Block It... Phone Phishing

As we get to know the techniques phishers use and become better able to spot these scams, phishers alter their tactics to try to ensnare us.

One such change is the use of phone phishing using landline phones and Voice over Internet Protocol (VoIP) -- called 'Vishing'.

It works with the scammers sending out their trick e-mail purporting to be from a bank, for instance, but this time, rather than clicking on a link, you are asked to call a phone number.

Victims who call the number are connected to a computer running an automated voice-answering system that sounds just like a bank's. The message identifies itself to the victims as the real financial institution and prompts them to enter account numbers and personal identification numbers (PINs). The phishers then have complete access to all the financial records attached to the account.


3. Phishing And How To Block It... Practical Tips

I. Phishing And How To Block It... Don't Provide Personal Information

No real financial or e-commerce institution will ever ask for your personal or financial information by email. So do not trust any e-mails requesting personal information.

Do not panic at an email that appears to be from your bank, PayPal, or another commerce site and informs you of a financial transaction or withdrawal. Such an email asks you to verify the transaction by clicking on an account link and then providing your account-related information. This is a typical phishing scam.

II. Phishing And How To Block It... Turn Off HTML Email

One of the easiest ways to detect phishing spam is to turn off HTML email. With HTML turned off, an email client always displays the raw URL of a link, rather than the link text chosen by the sender, which can say anything.

When you receive an email from a purported financial or e-commerce institution, check the email address or website URL. Check to see whether the address/URL matches that in your statements or previous correspondence with your financial institution.

If you are still unsure whether an email request is legitimate, don't click on any links, but verify it by contacting the company directly.
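As an added illustration, not part of the original article, here is a small Python checker that applies the URL checks from the 'Amended URLs' section and the raw-link check recommended here to a constructed HTML email. It reports the real host behind each link, the '@' username trick, the subdomain trick, look-alike spellings, and link text that does not match where the link actually goes. The bank domain mybank.com, the sample email, and the simple anchor extractor are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# The domain printed on your statements (constructed for this example).
KNOWN_DOMAIN = "mybank.com"

# Constructed sample email body using the tricks the article describes.
SAMPLE_EMAIL = """<p>Dear Friend, please verify your account:</p>
<a href="http://www.mybank.com@name.host.com/login">www.mybank.com</a>
<a href="http://www.mybank.com.name.com/verify">Click here</a>
<a href="http://www.mybankk.com/">secure login</a>
<a href="https://www.mybank.com/">https://www.mybank.com/</a>"""

# Simple anchor extractor (enough for this sample; real mail needs an HTML parser).
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable_domain(host):
    """Last two labels of a hostname (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(href, text, known=KNOWN_DOMAIN):
    """Return the reasons a link looks suspicious; an empty list means no finding."""
    reasons = []
    parts = urlsplit(href if "//" in href else "http://" + href)
    host = (parts.hostname or "").lower()
    if parts.username:  # www.mybank.com@name.host.com: the '@' hides the real host
        reasons.append(f"'{parts.username}' before '@' is a username; real host is {host}")
    real = registrable_domain(host)
    if real != known:
        if known in host:  # www.mybank.com.name.com: known name is only a subdomain
            reasons.append(f"{known} is only a subdomain of {real}")
        elif known.split(".")[0] in real:  # mybankk.com, mybankonline.com
            reasons.append(f"look-alike domain {real}")
        else:
            reasons.append(f"unrelated domain {real}")
    # Visible text that looks like an address but names a different site
    m = re.match(r"(?:https?://)?([\w.-]+)", text.strip())
    if m and "." in m.group(1) and registrable_domain(m.group(1)) != real:
        reasons.append(f"link text shows {m.group(1)} but href goes to {host}")
    return reasons

def scan_email(html):
    """Map every href in the email body to its list of findings."""
    return {href: check_link(href, re.sub(r"<[^>]+>", "", text))
            for href, text in ANCHOR.findall(html)}

if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", findings or "looks consistent")
```

Only the last link in the sample, whose target and visible text both resolve to mybank.com, comes back with no findings.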

III. Phishing And How To Block It... Don't Click Links Or Phone

Never click on links in emails... particularly when it concerns your financial information.

If you believe the email could be genuine, type the URL of the authentic website into your browser manually... you are then not tricked into being diverted to the phisher's website.

Unfortunately, phone numbers are more difficult to identify as being legitimate. Always dial the numbers listed on the back of your bank cards or on your financial statements... never the phone numbers received in an email.

IV. Phishing And How To Block It... Greetings And Spelling

Real organizations greet you by your name in their mails. Their mails start with a salutation that includes your name, like 'Dear Mr. Smith'.

Beware of emails that greet you impersonally, such as 'Dear Friend'. The chances are they are phish mails generated by spammers.

Besides impersonal greetings, phish mails often contain spelling and grammatical errors that reputable organizations would not make.

V. Phishing And How To Block It... Web Site Security

Secure websites, such as those of banks and other financial institutions, will show a lock icon at the lower right-hand corner of your browser to denote that SSL encryption is being used.

The URL will also begin with https://, rather than the standard http://. This informs you that, as your personal details are transferred over the Internet, they cannot be read by anyone else because they are encrypted. For an explanation, take a look at The Role Of SSL And SSH.

Other reputable sites show the logo of an organization giving security guarantees, such as Verisign.

Phishers are not likely to invest in website security features to perpetrate their scams, so such security signs can give you some confidence that the site may be genuine.

As always, there is a "however"... it has been known for phishers to add false logos to their fake sites. I'm sorry that this doesn't give you a guarantee, but it does point to the fact that we shouldn't trust any emails and their links. The only safe guarantee I can give you is my previous advice... don't click on any email links!

For Part 2 of this article, which looks at and discusses free antiphishing software and how you can report phishing attacks, go to Phishing And How To Block It: Part 2.

In addition, the following supporting articles contain other information that will help you guard your privacy against phishers and spam...


4. Phishing And How To Block It... Supporting Articles

  1. Phishing and How to Block it - Part 2
  2. 5 Steps to Phishing Protection

