By Syed Akbar
"Dear customer, there was a major crash in our computer system. We have lost some of the vital data. Could you click on the link below to send us the details of your credit card like its number, expiry date, credit limit and password so that we could update our data after restoration".
"Congratulations! You have won $ 100,000 in a draw of lots of email addresses collected at random from the web. To claim the money, do fill up the following personal details and send us at the email link given below" .
"Dear account-holder, we suspect that an unauthorised transaction has been carried out on your savings bank account. To make sure that your bank account is not manipulated, please click the link below and confirm your personal identity."
If you receive these types of messages to your email address or in a pop-up window while you are surfing the internet, just ignore them. Do not reply to such messages or give personal details, because you are being phished by clever cyber cheats.
Instances of phishing or "password harvesting" have been on the rise in Hyderabad with the city, thanks to its
numerous software firms, attracting the attention of computer hackers and cyber cheats from around the world.
A couple of days ago, M Ramesh, an executive in an advertising firm, received a Yahoo message from his "banker" saying that they need the "existing" password of his credit card as the bank's main server has been hacked."I was about to fill up the details when my colleague suggested that I cross-check with the banker on telephone or in person. When I rang up the call centre of the bank, I realised that the message was fake. I believed the message because it resembled other messages that I receive from my banker regularly," Ramesh points out.
What actually the cyber cheats or "phishers" do with the data they receive from unsuspecting net-users? There have been thousands of instances of creation of fake credit cards and siphoning of money through ATMs using the password provided by the unsuspecting cardholder. Moreover, personal details will quite often help phishers to do on-line business transactions to purchase valuables.
Phishers generally target customers of banks and financial institutions that have a large turnout. In the last couple of months, customers of nearly all major banks in Hyderabad have been targeted by phishers. Besides banking customers, those who use amazon.com, AOL, BestBuy, eBay, MSN, PayPal and Yahoo have also been the target. According to anti-phishers, as many as 10,000 phishing mails are sent to users in Hyderabad.The Crimes Investigation Department of the State police lists "phising" as one of the cyber crimes attacking penal action."The number of phishing attacks, and the associated costs, has increased 10 fold as compared to last year and is on a continuous rise," says MH Nobel of Zoom Technologies.
=====
How to identify phishing messages
=====
1. There will be no personal greetings in the message. Your name will be missing because the sender does not know who you are.
2. Notice whether there is an IP address in the link. If you click on this, it will take you to the fake bank/institution instead of the genuine one.
3. It is better if you do not use the net to provide personal details, particularly passwords or your mother's maiden name, as not all phishing attacks require a fake website. This can be done even through a genuine website. If the website is not fake, cyber cheats give a telephone No. (supposedly of a bank) and when the unsuspecting person dials the telephone number, he or she is asked to dial the card number and then the password. Both the card number and the password are recorded through voice over IP.
4. In case of suspicion, call the banker or make a personal visit to verify the authenticity of the email message.
5. Install anti-phishing software in your computer to detect phishing attempts.
6. Lodge a police complaint, if necessary.
7. Check whether the URL starts with https:// or http://. If you're using IE, look for the lock symbol in the right of the status bar and double-click it to check the validity of the digital certificate.
8. Check your bank accounts regularly to ensure that listed transactions are really carried out by you.
No comments:
Post a Comment