
How to avoid phishing

by Cobor

For several months, perhaps for a couple of years, I have been receiving in my e-mail "threatening" notices that accounts will be closed at banks with which I have no relationship. Sometimes, instead of "threats to close the relationship", the same channel brings promises of gifts of money or other valuables.

At this point you will think that I am a lucky man to whom so many people want to give major gifts. Sorry to disappoint you, but I am not lucky, and neither are the millions of people who receive these messages every day, not to mention those who fall into the trap of the criminals who send them.

Trap? Yes, a trap! These messages are traps specifically designed to do damage, above all economic damage, to those who are enticed by promises of prizes or intimidated by "threats". It is all one big scam: it is phishing!

You still don't know what phishing is? It seems strange that you have not heard of it yet, but since talking about it once more is better than not talking about it at all, let's see what it is.

Phishing is a fraudulent activity that uses the study of a person's individual behaviour in order to steal information (social engineering).

This technique is used to obtain access to personal or confidential information for the purpose of identity theft, through electronic communications: for the most part bogus e-mail messages, but instant messaging and telephone contact are also used.
These messages try to trick you into revealing personal information, such as account numbers, credit card numbers, identification codes, etc., which will then end up in the hands of people who definitely do not have good intentions.

The person (the social engineer) who prepares these messages pretends to know you and knows how to deceive others; in a word, he knows how to lie.

A social engineer is very good at hiding his identity; by pretending to be someone else he succeeds in obtaining information that he could never get with his real identity.

The social engineer uses a standard method of phishing attack that can normally be summarized in the following phases:

1. The attacker (phisher) sends the hapless and unsuspecting user an e-mail that imitates, in graphics and content, an institution known to the recipient (e.g. your bank, your web provider, an online auction site you are registered with).

2. The e-mail almost always contains notices of special situations or problems with the recipient's account or accounts (such as a huge charge, an expiration, the promise of prize money or valuables, etc.).

3. The e-mail asks the recipient to follow a link in the message, in order to avoid a penalty and/or to regularize his position with the institution or company whose graphics and layout the message imitates.

4. The link provided, however, does not lead to the official web site but to a fake copy that looks similar to the official site, located on a server controlled by the phishers. Its purpose is to request and obtain personal details from the recipient, usually with the excuse of a confirmation or the need to authenticate to the system; this information is stored on the server run by the phishers and ends up in the hands of the attacker.

5. The phisher uses this data to buy goods, transfer money, or even as a "bridge" for further attacks.

Sometimes the e-mail contains an invitation to take up a new "job opportunity": to give the bank details of one's online account in order to receive funds that are then to be transferred to other accounts, keeping a percentage, which can reach very high figures. Usually the transfer takes place by free transfers, also via the Internet, to another online account.

This is the money stolen by phishing, and by handling it the online account holder, often in good faith, commits the offence of money laundering. This activity costs the phisher a certain percentage of what he has managed to steal, but he has an interest in dispersing the money across several bank accounts and moving it through different countries, because that makes it harder to trace his account and identifying records.

As we see, the phisher knows his "dirty work" and knows how to organize an attack. But we must not be afraid, because now that we know the method of attack, we can implement an effective defence by adopting simple measures. Here we go.

The first thing to know is that the bad guys cannot actually know at which bank or online service the unfortunate user has an account.

If you get a fraudulent message that looks like it comes from your bank, it is just a coincidence, and it is precisely this coincidence that the phisher (i.e. the one who carries out the attack) relies on.
The phisher does not really know whether his victim has an account with the service targeted by his action: he limits himself to spamming, sending the same message to a very large number of e-mail addresses in the hope of reaching some user who really does have an account with the service mentioned.
Therefore, on the defensive side, nothing more is required than recognizing and deleting the e-mail containing the phishing attempt.

A first check to defend against phishing sites is to look for the icon (a padlock, in all browsers) that indicates you have established a secure connection (e.g. SSL). In fact, by copying the relevant HTML, an authentication page can easily be imitated so that it looks identical to the original, whereas the presence of a secure connection requires certificates that uniquely identify an Internet site.

There are specific programs, and even blacklists, that alert you when the site you are visiting is probably not genuine. Users of Microsoft Outlook / Outlook Express can also protect themselves through the free program Delphish, which adds a toolbar to MS Outlook / MS Outlook Express with which you can find suspicious links in e-mail.

Warning! It is a good idea always to be wary of anyone who asks you, by whatever means, to enter your account information (username, password, credit card number) on a site accessible via a link in the message. That link will 100% certainly not take you to your bank's website, but to a clone site.

Keep in mind that banks and other online services will never ask for this data using e-mail or messages like that.

It is also a good idea never to connect to the sites of banks or online services by clicking links inserted into messages; to connect, always type the site address (the one you already know to be correct) in the address bar of your browser.

Finally, at the cost of being repetitive, here is a decalogue for protecting yourself from phishing:

1. Be wary of any e-mail that asks for your confidential information: your bank will not request such information via e-mail.

2. It is possible to recognize e-mail scams with a little attention. Generally these e-mails are not personalized and contain a generic message requesting personal information for reasons that are not well specified (e.g. expiration, loss, technical problems); they use an intimidating tone, such as threatening suspension if you do not answer, and they do not carry an expiration date for sending the information.

3. If you receive a message containing such a request, do not respond via e-mail, but inform your bank immediately through the call center or by going to a branch.

4. Do not click on links in suspicious e-mails, as these links may lead you to a spoof site that is hardly distinguishable from the original. Even if the address bar of your browser displays the correct address, do not trust it: it is in fact possible for a hacker to display an address different from the one you are actually at.

5. Be wary also of e-mails with very long web addresses containing unusual characters.

6. When entering confidential data into a web page, make sure that it is a secure page: such pages are recognizable because the address shown in your browser's address bar starts with https:// and not http://, and a padlock appears in the lower right corner of the page.

7. Be suspicious if the way you are asked to enter your home banking access codes suddenly changes, for example if they are requested not through a page of the site but through a pop-up (an additional, smaller window). In this case, contact your bank through the call center or at a branch.

8. Regularly check your account statements and credit card statements to ensure that the transactions listed are the ones you actually carried out. Otherwise, contact your bank or card issuer.

9. Browser producers regularly make free downloadable updates (called patches) available online that increase the security of these programs. On these companies' sites you can also verify that your browser is up to date; otherwise, download and install the patches.

10. The Internet is a bit like the real world: just as you would not give a stranger the PIN of your ATM card, so you must be extremely cautious in handing over your sensitive data without being sure who is asking for it. If in doubt, contact your bank.
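Several points of the decalogue (a link that is not https, a very long address with unusual characters, a displayed address that differs from the real link target) can be checked mechanically on the links inside an e-mail. The following Python script is an added example, not code from the article or from any product it mentions; it uses only the standard library, scans a constructed sample e-mail (the example.com and example.net domains are reserved for documentation), and its length threshold and its set of "unusual" characters are assumptions chosen for illustration.

```python
"""Heuristic scan of an e-mail body for the warning signs in the decalogue.

Added example, not part of the original article. Stdlib only; the
MAX_URL_LENGTH threshold and UNUSUAL_CHARS set are assumptions.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Characters that rarely appear in a legitimate bank URL (assumption).
UNUSUAL_CHARS = set("@%\\|<>{}^`$")
MAX_URL_LENGTH = 80  # "very long web addresses" threshold (assumption)
# Visible link text that itself looks like a web address.
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.IGNORECASE)


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lowercase host of a URL, adding a scheme if the text lacks one."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def check_link(href, text):
    """Return the list of decalogue warnings that apply to one link."""
    warnings = []
    if urlparse(href).scheme == "http":
        warnings.append("not https")                      # point 6
    if len(href) > MAX_URL_LENGTH:
        warnings.append("very long address")              # point 5
    if UNUSUAL_CHARS & set(href):
        warnings.append("unusual characters")             # point 5
    # Displayed address that does not match where the link really goes (point 4).
    if URL_LIKE.match(text) and host_of(text) != host_of(href):
        warnings.append("displayed address differs from real target")
    return warnings


def scan_email(html_body):
    """Map each link in the body to its warnings (empty list = nothing found)."""
    parser = LinkExtractor()
    parser.feed(html_body)
    return {href: check_link(href, text) for href, text in parser.links}


# Constructed sample e-mail body, in the style the article describes.
SAMPLE_EMAIL = """
<p>Dear customer, your account will be suspended unless you confirm your details.</p>
<p>Click <a href="http://login.example.net/%20verify@secure/account?id=0123456789abcdef0123456789abcdef">https://www.example.com/login</a></p>
<p>Help: <a href="https://www.example.com/help">Contact us</a></p>
"""

if __name__ == "__main__":
    for href, found in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", found or "no warnings")
```

Run as a script it prints one line per link: the first link collects all four warnings, the second none. The visible-text check is the one worth keeping even if the others are tuned away, since a link whose text reads like your bank's address but whose host is elsewhere is exactly the case point 4 of the decalogue warns about.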

Helium, Inc.
200 Brickstone Square Andover, MA 01810 USA