Thursday, February 5, 2009

Phishing: Examples and its prevention methods

What is phishing?

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of the social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.


Examples of phishing email

Ex1:

From: Chase Online

Sent: Friday, November 28, 2008 10:14 AM

Subject: WaMu & Chase. Safe & Secure - Message id XLKLTRZBGW

WaMu customers: we're proud to welcome you to one of the nation's largest banks; as of September 25, 2008, all WaMu customer deposits are now deposits of JPMorgan Chase, one of the most stable banks in America.
What will change;
Some aspects of the ONLINE SERVICES: Chase Online and WaMu Online
DEADLINE: December, 30, 2008
What you need to do:
Update your information by visiting Chase Online or WaMu Online. Log on to your account and you will be re-directed to the client information update screen.

If you have not signed up for online access, you can enroll easily by clicking "Enroll" at the bottom of the Login page.

Please do not reply to this message. For questions, please call Customer Service. We are available 24 hours a day, 7 days a week.

Sincerely,
Carter Franke
Chief Marketing Officer
Member Services

This site is directed at persons in the United States only. Persons outside the United States may visit International Banking.

Links to third party sites are provided for your convenience by JPMorgan Chase. JPMorgan Chase neither endorses nor guarantees any offerings of the third party providers, nor does JPMorgan Chase make any representation or warranty of any kind about the content, use of or inability to use, the third party sites.

©2008 JPMorgan Chase & Co


Ex2:

From: survey@survey.chase.com
To: Recipient
Sent: 11/21/2008 8:17:54 A.M. Eastern Standard Time
Subject: Customer Satisfaction Survey

Dear Chase client,

Due to the rumors of financial crisis, Chase has decided to make a nationwide survey. The information collected will be used to improve our services and your banking experience with us. For the completion of this survey, we will credit your account with $100.

To take part, please click here.

Note - The information we gather from this survey will not be handed down to any third party.

© 2008 JPMorgan Chase & Co.

Ex3:

To: Recipient

Subject: Add 50$ to your account in 2 minutes!

Dear Customer,

You are invited to take part in our nation-wide 5 question survey. Your time is very important to us so $50 will be credited to your account upon the completion of this survey.

Please note that no sensitive information will be required, collected or stored. The information will be used to further improve our services.

To take part please click here.

© 2008 JPMorgan Chase & Co.
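
The three samples share a small set of lure traits: a cash reward, a deadline, a prompt to log on and update details, a generic "click here" link, and a sender line with no address. The following Python sketch is an added example, not part of the original post; it flags those traits in raw message text, and the rule names, the threshold and the benign message are assumptions made for illustration.

```python
import re
from email import message_from_string

# Heuristics for the lure traits seen in Ex1-Ex3; names and threshold are illustrative.
RULES = {
    "reward": re.compile(r"\$\s?\d+|\d+\s?\$"),
    "deadline": re.compile(r"\bdeadline\b", re.I),
    "credential_prompt": re.compile(r"\b(log ?on|log ?in|update your information)\b", re.I),
    "generic_link": re.compile(r"\bclick here\b", re.I),
}

def lure_indicators(raw):
    """Return the sorted names of the lure traits found in one raw message."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    hits = [name for name, rx in RULES.items() if rx.search(text)]
    if "@" not in msg.get("From", ""):
        hits.append("no_sender_address")  # display name only, or header absent
    return sorted(hits)

def triage(raw, threshold=2):
    """Queue a message for human review once enough traits co-occur."""
    return "review" if len(lure_indicators(raw)) >= threshold else "pass"

# Ex1-Ex3 abridged from the samples above; BENIGN is constructed for contrast.
EX1 = """\
From: Chase Online
Subject: WaMu & Chase. Safe & Secure - Message id XLKLTRZBGW

DEADLINE: December, 30, 2008
Update your information by visiting Chase Online or WaMu Online. Log on to your account.
"""
EX2 = """\
From: survey@survey.chase.com
Subject: Customer Satisfaction Survey

For the completion of this survey, we will credit your account with $100.
To take part, please click here.
"""
EX3 = """\
Subject: Add 50$ to your account in 2 minutes!

$50 will be credited to your account upon the completion of this survey.
To take part please click here.
"""
BENIGN = "From: Alice <alice@example.org>\nSubject: Lunch\n\nSee you at noon.\n"

if __name__ == "__main__":
    for name, raw in [("Ex1", EX1), ("Ex2", EX2), ("Ex3", EX3), ("benign", BENIGN)]:
        print(name, triage(raw), lure_indicators(raw))
```

Ex2 shows why content rules are only one layer: its From line carries a chase.com address, so the sender check stays silent and only the reward and click-here traits fire.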



Methods to prevent phishing

Keep Your Email and Instant Message Addresses Private

It is better to prevent phishing messages from landing in your inbox in the first place. You may find it useful to have a separate email address for financial institutions, one for trusted friends and family, and one for general or public use. Many email providers will allow you to redirect emails from each of these different addresses to one account to minimize the inconvenience of checking each account. Do everything possible to keep the address you use for financial transactions as private as possible.

Immediately Report Suspected Phishing Contacts

If you receive a message that you suspect is phishing, call the customer service phone number right away to confirm whether you've received an actual message or not. In addition, almost every bank and credit card lender has a website where you can report suspicious emails and instant messages.

Limit Your Dialogue

Phishing perpetrators might encourage you to communicate with them, and you may be tempted to play mind games with them. The best thing you can do is simply report their activities and move on with your life.

In many cases, almost all of these messages are automated - so attempting to play mind games only leads to more frustration on your part. Just keep reporting them to your bank and the FBI, if necessary. While you may be tempted to send along a nasty letter to the perpetrator, it is better to simply set up a spam blocker and try to ignore them.

When you are threatened with the loss of access to a bank account, it may be very easy to justify giving up sensitive information. The best thing you can do is report anything you suspect as phishing and let the bank and the authorities manage it from there.
