How does the schemer know that the user has an account with a particular bank or broking firm? They do not. They send the email to thousands of users and hope that a percentage of them will have an account with the mentioned company. They are basically 'fishing' for information. The Schemer relies on common banking institutions such as Citi Bank, EBay etc. The email lures the user with phrases such as 'Your Account is about to expire. Please click on the link to update' or 'Your credit card details have expired and unless it is updated you will not be able to carry out further transactions. Please click the provided link to update the information immediately'.

Here is another variation of a phishing email - "Technical Services of your Bank are carrying out a planned software upgrade. We earnestly ask you to visit the following link to start the procedure of confirmation"

Precautions

If you receive such an email exercise caution. {mostip tooltip=0 image=alert}Do not click on the provided link{/mostip} if you happen to have an account with the mentioned Financial Institution, Broking Firm, or other referenced firm visit their website directly (by typing the Bank's address in the browser) to check your account details or better still, call them directly. Generally, companies will not provide a link if they need updated information. Rather, they will request you to visit their website and update your account information. Do not give any personal information over email; generally no legitimate company will ask for emailing them sensitive information.

Resources to Help You

There are several Federal and Private Organizations that provides a wealth of information relating to Phishing:

Netcraft's Anti-Phishing Toolbar - Features

Netcraft's toolbar gives a good source of protection against Phishing sites. Once installed, the toolbar provides information about the URL (company website) you are browsing that is quite informative and helps to be on the alert for suspicious URLs. Netcraft's toolbar provides information about the company such as its online date, hosting location, IP Address, DNS and Reverse DNS entries etc. Applying basic logic one can easily deduce whether the site is genuine or fradulent. The toolbar also displays an alert box if you are visiting a page that has been classified as fradulent. Internet users can also report 'Phishing' sites from the toolbar menu and help build the database on suspicious sites to make the Internet a better place. Netcraft's website also includes a tutorial on installing and using the toolbar. This is a toolbar that is worthy of download. The current version of Netcraft's toolbar supports Internet Explorer. A Toolbar to support Firefox browser is under way. Firefox or other broser users can report suspicious sites from here.

TrackBack URI for this entry