Know more about Phishing.


The people who fool users by exploiting the poor usability of current web security technologies are known as "phishers", and what they do is known as phishing.

Phishers typically target the customers of banks and online payment services. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Such mistakes are common in most phishing emails. Also note that although the URL of the bank's webpage appears to be legitimate, it actually links to the phisher's webpage.

Phishing is typically carried out by e-mail and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

There are anti-phishing websites that publish the exact text of messages that have recently been circulating on the internet. These sites often provide specific details about each message.

Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

Most banks also publish their own materials to make their customers aware of recent attacks, including samples of phishing emails:

1.ICICI Bank
2.HDFC Bank
3.Axis Bank



Phone phishing

Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.



How to identify legitimate websites

People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified" (or any other topic used by phishers), it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate. Alternatively, the address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message.

Nearly all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. Some companies always address their customers by their username in e-mails, so if an e-mail addresses the recipient in a generic fashion ("Dear Axis Bank customer") it is likely to be an attempt at phishing.

E-mails from banks and credit card companies often include partial account numbers. However, recent research has shown that the public do not typically distinguish between the first few digits and the last few digits of an account number—a significant problem since the first few digits are often the same for all clients of a financial institution.
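Two of the cues described above (a generic greeting, and link text that shows the bank's address while the hyperlink actually points elsewhere) can be checked mechanically. The following is an added example written for this page, not code from the original; the e-mail body and the hostnames in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample: a phishing-style HTML e-mail body (not a real message).
SAMPLE_EMAIL = """
<p>Dear Axis Bank customer,</p>
<p>We have recieved a report of a discrepency in your account. Please
<a href="http://203.0.113.10/axis/login.htm">https://www.axisbank.com/verify</a>
to confirm your details.</p>
"""
# Greeting patterns that address the reader generically rather than by name.
GENERIC_GREETINGS = [r"dear\s+(valued\s+)?(customer|user|member|client)",
                     r"dear\s+\w+\s+bank\s+customer"]
class _AnchorCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> element in the body.
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def _host(url):
    # Hostname of a URL; a bare "www.example" is treated as http://www.example.
    parsed = urlparse(url if "://" in url else "http://" + url)
    return parsed.hostname
def phishing_indicators(html_body):
    # Return the list of indicators found: generic greeting, mismatched links.
    findings = []
    text = re.sub(r"<[^>]+>", " ", html_body).lower()
    if any(re.search(p, text) for p in GENERIC_GREETINGS):
        findings.append("generic_greeting")
    parser = _AnchorCollector()
    parser.feed(html_body)
    for href, shown in parser.links:
        # Only compare when the visible link text itself looks like a URL.
        shown_host = _host(shown) if re.match(r"(https?://|www\.)", shown) else None
        if shown_host and shown_host != _host(href):
            findings.append(f"link_mismatch:{shown_host}->{_host(href)}")
    return findings
```

Running `phishing_indicators(SAMPLE_EMAIL)` flags both the generic greeting and the link whose visible text names the bank but whose target is a different host.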



Browsers alerting users to fraudulent websites

Microsoft's IE7 browser, Mozilla Firefox 2.0, Safari 3.2, and Opera all contain this type of anti-phishing measure. I, too, will vote for Mozilla Firefox; I found it to be more effective than Internet Explorer 7 at detecting fraudulent sites.

Firefox 2 used Google anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy.



Augmenting password logins

Yahoo's website is one of several that ask users to select a personal image, and display this user-selected image with any forms that request a password. Users of the online services are instructed to enter a password only when they see the image they selected. However, a recent study suggests few users refrain from entering their password when images are absent.

A similar system, in which an automatically-generated “Identity Cue” consisting of a colored word within a colored box is displayed to each website user, is in use at other financial institutions.

Security skins are a related technique that involves overlaying a user-selected image onto the login form as a visual cue that the form is legitimate. Unlike the website-based image schemes, however, the image itself is shared only between the user and the browser, and not between the user and the website. The scheme also relies on a mutual authentication protocol, which makes it less vulnerable to attacks that affect user-only authentication schemes.

Phishing Sample Emails

Note: please allow pop-ups, as clicking the sample will open it in a new window.
URL used in this email: http://superiork9protection.com/jquery/jquery/ipswitch/idbi/idbi/BANKAWAY.htm


To be continued...