ep6network | Network security

Network security, Security softwares,wifi security, wireless security

Welcome

First of all, welcome to my Network Security forum. Here you can find all the security features of a network and of an operating system as well. In this blog you will find the best notes. I have tried to keep those notes simple and descriptive. You can find here different types of adware and spyware threats and their prevention, definitions of different types of virus and the procedures to cure them, antivirus software and some links to free antivirus, spyware cures, adware cures, etc. We can also learn here how to secure a telephone network, a Large area network (LAN) and a wide area network. Here I have provided firewall tricks, the architecture of a network, cryptography, Internet Key Exchange, IP security, crypto history, cryptography blocks and many more topics which will help you to study further. And this is not the end. Keep visiting this blog and I will provide you with more and more security tricks. And don't forget to comment, whether it is bad or good. Please do comment on my thesis. Your comments will help me to upgrade my thesis. And if you want some exact notes on some security tricks, please do inform me. My email id is ep6secuirity@gmail.com. I will try to do my best; if I am not able to fulfill your requirements, I will inform you.

Thanks and Regards

Utsav Basu

For – ep6network.

Recognize and Avoid Phishing Scams

Threat Type: Victim enabled

Examples of Threats:

  • E-mails asking for account information that will then be used by identity thieves.

  • E-mails "selling" security services.

Our Tips:

  • Never click any of the links within the e-mail.

  • Never send account information via e-mail.

  • Never reply to any e-mail asking for personal or account information, even if a phone number is provided.


Phishing is a relatively new social engineering scam that has become one of the most popular tactics used by identity thieves. Phishing scams play on people's fear or sense of doing what is right by tricking victims into willingly supplying scammers with personal information, account numbers, passwords, and mothers' maiden names. Some thieves take it a step further with confidence scams that offer "identity security" to their former victims and then hit them again.


Very Important

For those unfamiliar with the concept of social engineering, Wikipedia.com defines it as the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or get them to do something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that users are the weak link in security, and this principle is what makes social engineering possible.


To give you an idea how widespread this problem has become, the following statistics were taken from http://www.mailfrontier.com (with the original source reference included). In 2005:

  • 5.7 billion phishing e-mails were sent each month (Anti-Phishing Work Group).

  • $1200 was the average loss to each person successfully phished (Federal Trade Commission).

  • 13,228 unique phishing attacks (on average) were launched per month (Anti-Phishing Work Group).

  • 3431 phishing websites were created (on average) each month (Anti-Phishing Work Group).

In other words, this is a pretty big problem. If you fall for one of these scams, you could be looking at real financial losses, and potentially years to repair your credit rating. The key realization is that there would not be all this phishing activity going on if people were not falling for it.

Very Important

The term phishing is kind of a funny spelling of the word fishing, referring to fishing you for your identity. The ph instead of f in the spelling gets its origins from the term phreaking, which is a form of hacking into phone lines to get free long distance. There is still some debate on exactly how and when the use of the term got started, but most people assume it is a combination of the words phone and freak. This spelling convention has carried over to computer hackers for hacks such as pharming and phishing.


How Phishing Scams Work

The typical phishing scam begins with an e-mail that looks entirely legitimate. The e-mail can appear to be from a bank, online auction company (such as eBay), money-transfer service (such as PayPal), or even a charity. Often, the e-mail states that your account is about to expire (or will be suspended) unless the person's account information is verified. A link to a website is usually provided. When you click the link, you are directed to a web page that prompts you to enter your account information or passwords or credit cards numbers or some other sensitive (and potentially damaging) information, or all of the above.

The problem is, even though the website you were taken to looks legitimate, the website is a fake whose only purpose is to capture that valuable account and password information, or worse, your credit card information.

Phishing scams can also be sent via instant messaging or even as invites to online contact libraries.

From the perspective of the thieves, this is a good business because they literally send millions and millions of e-mails out using automated programs. Even just a few responses make the effort worthwhile. When they have a mark, they empty the victim's accounts and move on to the next one. These folks are usually set up in countries with no extradition laws, and they move around a lot. So, even if the authorities find them, it is difficult to bring them to justice.


One reason phishing schemes have become both more prevalent and more successful is the wide availability of powerful publishing and graphics programs that scammers use to create legitimate-looking e-mails, complete with corporate logos and letterheads and graphics. In addition, the scammers create web pages that are nearly indistinguishable from the real corporate sites they are mimicking. Some go so far as to copy the exact navigation structure of the real website so that when you click the link you are taken to a page that looks just like the one that you would find if you typed in the real URL. When you type in your login ID and password, they (the identity thieves) can immediately go to the real site, log in, and gain access to all of your information (and have the ability to do anything you could do on the site in question).

This is all a bit daunting, and although we pledge not to go over the top with scare tactics in this book, this is one scam you should always be on the alert for. Some of these e-mails look amazingly legitimate. If you do not want to take our word for it, go to the following URL, which provides a phishing IQ test:

http://survey.mailfrontier.com/survey/quiztest.html

Good luck guessing which ones are real and which ones are phishing attempts. (Just in case the site gets moved, you can also go to Google or some other search engine and search for "phishing IQ test.")

Be sure to look at the "why" portion of the results; it explains how you can tell whether the e-mails are real.

This does seem pretty scary, but there is some good news; there are usually some specific giveaways within these scam e-mails, and even without the clues there are things you can do to avoid being taken advantage of.

One hard and fast rule is that you should never, under any circumstances, click a link from an e-mail that you even remotely suspect as not being legitimate. In fact, even if you do not suspect the e-mail of being a fake, you should still not click the links in the e-mail. The reason for this is that it is a simple matter to redirect a link on a page or in the text of an e-mail to any other site. For example, if I enter http://www.citibank.com, you would think that clicking the link will take me to Citibank's corporate website.


If you do need to go to the link in the e-mail for whatever reason, the best thing to do is to manually type in the URL (address) into the address window in your Internet browser. You can also Google the name of the company you are trying to reach and click the link in the results page. Doing this takes an extra step or two, but at least this way you will be sure you are going to the address you entered and not a redirect.

One more thing: In some cases, a legitimate-looking URL is fake, and even if you copy the text into your browser you could still end up in a bad place. For example, consider the following URL: www.google.com@halcyon.com/account_control.

In this case, you might think that you are going to an MSN site; however, if you go to that site and enter your personal information, you are about to get taken.

The lesson here is pay attention and be vigilant. The ".com" is a simple naming convention and not a hard-and-firm rule that governs where a web page actually lives. These extensions include .org, .gov, and .edu, to name a few. You can take any known site, add some other words or letters to the end of it, and register it as a domain name, as long as nobody has already registered the name. You should also be careful about common misspellings and typing errors when manually entering the address. These mis-types will almost always be registered names. In most cases, it will end up being a porn site, but it would not surprise us to see phishing sites set up before long.

How to Avoid Becoming a Victim

The first thing a person can do to help himself/herself is be suspicious of any e-mail stating that an account, or any other information, is needed, even (or especially) when it looks legitimate. The bottom line is that if a company you do business with needs to contact you, someone, somewhere will pick up the phone and call you. (If you are suspicious about the call, call them back using the phone number listed on your bill.) This may not be the case 100 percent of the time, but always be suspicious of these types of e-mails. Healthy paranoia is a good thing. As we have stated in our previous books, if you think your credit card company has really lost or forgotten your account number, go shopping. That is exactly what the identity thieves who sent you the e-mail will do if you "verify" the number via the e-mail. At least this way you can get some new stuff.


Very Important

Some of the scams include a working pay or toll-free number. If you want to call to verify whether an issue exists, do not call the number posted in the e-mail. Use the one in the phone book or on your bill.


Do you actually do business or have an account with the company or institution in question? This one would seem like a no-brainer, but there are many known cases of people getting burned by e-mails that should have been deleted as soon as the name or logo appeared on the screen because they should know it does not concern them, legitimate or otherwise. As far as we can reason, people must just feel a sense of obligation to right a perceived error or respond to something that seems authoritative. Don't do it! The scams rely on people doing what they think is the right thing to do. This is how most social engineering scams work.


Is the e-mail addressed to a generic title? If the e-mail begins with a greeting such as "Dear account holder" or "Dear business name member" or any other greeting that does not use your full name or login ID, it is probably a phishing attempt. Even if it does use your full name or login ID, it might be a scam; if not, however, it should be dismissed outright. In the examples shown (most of the figures in this chapter have generic titles), if the bank knows that all this activity took place on your account, shouldn't they know your name?

Is the e-mail from a strange sender? If the e-mail is from a strange-looking e-mail address (much like spam), ask yourself why your bank does not have a more normal address? If you get an e-mail from MyBank, it is a good bet that the person sending it should have an e-mail address ending in @mybank.com.

Does the e-mail sound urgent, threatening to close an account if you do not take action? The faster you act, the less time you have to think. The people who run these scams want you to move fast so that you give them your personal info before you figure out the scam.

Does the e-mail have misspelled words or poor grammar or sentence structure? Many phishing scams originate overseas or in countries with loose copyright and extradition laws. Although the scammers are talented at creating logos and web pages, they seem to have all skipped language lessons. That is not to say that a perfectly structured e-mail is legitimate. To be sure, however, a poorly written one is a trap.

Does the e-mail ask for charitable donations (often in the wake of a disaster)? The American Red Cross and just about every other reputable charity all have policies in place stating that they do not solicit for donations via e-mail. If you get an e-mail asking for donations, assume it is a scam. If an e-mail alerts you to a relief effort that you want to support, delete the e-mail, open a browser, and go to the official site of the charity you want to support. Do not click any links within the e-mail. This is one of the most insidious forms of phishing, preying on good-intending people and diverting funds from those who would have received additional help. Never respond to an e-mail asking for charitable donations.

Does the e-mail state that you have won a contest or prize that you did not even enter for? It is fake! The previous example showed how scammers prey on people's charity; this type plays on greed. Unless you have specifically entered a contest, do not reply to this type of e-mail. In fact, even if you did enter a contest, do not reply to the e-mail.

Is the e-mail regarding a transfer of funds from a bank in Nigeria? Delete Delete Delete!

Is the e-mail regarding a recently deceased, wealthy, long-lost relative and you are the only family member they can find? Forward these to your dumb cousin whom you don't like anyway. Really, this has got to be one of the worst scams ever, and yet somehow people fall for it. The e-mail asks for your account information so that they can transfer your inheritance into it. The only transfer that will happen will not be in your favor.

Is the e-mail offering security services through a bank or other type of institution? This is a new version of the confidence schemes. Telemarketers used to do something similar by going back to people they had previously ripped off, offering to track down the stolen money for a fee (thereby ripping them off a second time). In this scheme, people who have been burned, or who are afraid to get burned, are enticed to provide credit card data to pay for bogus services.


These are just some examples of the many types of phishing scams out there. The scammers are getting bolder, smarter, and more clever with each scam. So, be on the lookout, as they are sure to invent new ones every day that do not follow the common examples in this chapter.

Unfortunately, most of the security measures we talk about in this book do not catch or otherwise deter phishing scams (other than spam filters, but those are not 100 percent effective in blocking these types of e-mails). The next section covers what to do if you get an e-mail you suspect is fraudulent. The short answer is: if it looks suspicious, delete it. You are the best filter.

What to Do If You Suspect You Are the Target of a Phishing Scam

The first obvious answer is do not click the links or reply to the e-mail! We cannot emphasize this enough. There are basically a couple of things to do after that:

  • Notify the actual institution referenced in the scam. Chances are they will already know about it, but you can at least feel like a good citizen for doing your part to help others. After you notify them, delete the e-mail.

  • Just delete the e-mail. Chances are the authorities already know about it. Save yourself some hassle.

  • If you have already responded to one of these e-mails, call the number on the back of all your credit cards and contact your financial institutions to alert them that you may have been the victim of a scam. You should also check your credit report once a year or so to monitor against suspicious behavior.

  • Contact your state's attorney general to report the scam. Also, report the scam to the Federal Trade Commission. The FTC has a website specifically regarding identity theft: www.consumer.gov/idtheft. Or call 1-877-ID-THEFT.

If for whatever reason you do think you might have an issue with an online account, close the e-mail, enter the URL address you have for the business you deal with, and log in to your account. Better still, call the number on your billing statement and talk to a live person. Never use any of the information provided in the e-mail to contact the party in question.


Summary

Phishing scams are one of the fastest growing and most costly security issues on the Internet, but you can avoid them just by taking the time to look at the request and seeing it for what it is. This type of scam only works when you let it happen. Follow the rules laid out in this chapter and do not be in a rush to respond to official-looking e-mails. Reputable financial and business institutions have largely stopped using e-mail communication and rarely (or never) request personal information via e-mail.

