Phishing Online — Don’t take the bait…
July 21, 2008
If you haven’t heard of phishing by now you must have your head in the …water. Although security professionals are discussing “spear” phishing — carefully crafted and targeted phishing attacks — many employees and Internet users are getting left …in the wake. Let’s take a quick phishing trip and learn some easy ways to avoid getting bitten ourselves.
What is the alternative to clicking on email links?
- Type the website manually into your browser address bar (and then add it to your favorites/bookmarks).
How do I identify Phishing emails/websites?
- Poor spelling/grammar/design or a forged URL (e.g. xttp://12.34.56.12/bankname or xttp://bankname.badguy.com).
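The two forged-URL patterns above can be checked mechanically. The Python below is an added example, not part of the original post; the function name `link_warnings` and the legitimate domain `bankname.example` are assumptions made for illustration, and the sample links are the defanged ones from the answer above.

```python
import ipaddress
from urllib.parse import urlsplit


def link_warnings(url, brand, legit_domain):
    """Return warning labels for a link that claims to belong to `brand`.

    Assumption: the caller knows the organisation's real domain
    (`legit_domain`); nothing here is looked up online.
    """
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["unparseable-url"]
    if not host:
        return ["no-host"]

    brand, legit_domain = brand.lower(), legit_domain.lower()
    warnings = []

    # Pattern 1: the host is a bare IP address instead of a name.
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        pass

    # Pattern 2: the brand appears in the host or path, but the host is not
    # the legitimate domain or one of its subdomains. Matching on the end of
    # the host name is what matters: "bankname.badguy.com" belongs to
    # badguy.com, whatever the leftmost label says.
    on_legit = host == legit_domain or host.endswith("." + legit_domain)
    if not on_legit and (brand in host or brand in parts.path.lower()):
        warnings.append("brand-outside-legit-domain")
    return warnings


if __name__ == "__main__":
    # Constructed sample links; the first two are the post's defanged examples.
    for link in ("xttp://12.34.56.12/bankname",
                 "xttp://bankname.badguy.com",
                 "https://www.bankname.example/login"):
        print(link, "->", link_warnings(link, "bankname", "bankname.example"))
```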
Why are Phishing emails sent?
- To gain your trust, direct you to a fake website and then steal your credit card number, social security number, account number and/or password.
Why can’t we stop Phishing emails?
- Most users have anti-virus and anti-spam controls but the tactics of Phishers are constantly evolving and some manage to slip through the net.
Why is it so easy to send Phishing emails?
- Unfortunately email was built without any native authentication of the sender so it is trivial to spoof email (manipulate the “from” address).
Where did they get my email address?
- Unprotected email addresses are often harvested from websites, bulletin boards, or may be automatically generated.
What do I do with Phishing emails?
- Report them as appropriate within your organisation, or just ignore and delete them.
Does someone keep track of known Phishing websites?
- PhishTank is a community effort to identify phishing websites. You can check a suspected phishing website against those known by the community.
Why on earth the name Phishing?
- The term Phishing is a variant of fishing and refers to the use of electronic communications as bait to catch sensitive information.
Photos from my Phishing Trip











