Wednesday, 27 January 2010

Phishing a threat to Internet security

I recently get a mail from a spammer From: "Bank Of India" to upgrade my Bank of India account. I do not have any account, so thought of checking how phishing works in internet. And what are the common steps that needs to be taken to protect yourself.

I clicked on the link, chrome is able to detect the phishing, where as Windows took me to the log in page. It has the proper security certificate. It has the image that it secured by verisign. Where you can log in using your user details. And when I provided any user details, it gives me an error message saying account details is not correct. Clicking on any link gives me 404 page not found error. The Phisher takes the user id and password information put by me and uses it to do any activity in the bank. I was safe as I don't have any account in bank of India and was aware it is an attempt to phish.

What about the users who does not know about it? How does one differentiate genuine mail from that of a phisher?
1) Banks send personalized mail where as phishers send bulk mail.
2) Bank has domain name registered for their bank, where as phishers use name or the mail id as bank but not the domain name. Sometimes they use domain names which are close (instead of icici.com they use icicibank.org or something simillar). So if the domain name is not right, then it is possible from some phisher
3)Use mozzilla or chrome in stead of IE. One more reason why I am a Google fan. Chrome is able to figure out a phishing site from a genuine site.
4) Do not go by verisign security from the image. The image is publicly available. Check if the site is really using https and certificates are valid. In this case verisign secured page was coming from a http page.
5) Do not provide your user name and password and click on upgrade, rather check some other functionalities, and whether the pages are there.
6) Don't go to the bank site by clicking on the link from mail, rather go to it by bookmarking it. It ensures you go to where you need to.

No comments:

Post a Comment