Sunday, June 23, 2013

Phishing, What it is And How to Deal With It

Hi Class,

For this week’s blog, I wanted to discuss something that is as alive and well today as it was when it began: “phishing.”  For the most part we’ve all heard the term and even understand what it is, but if that’s the case, why are so many still being fooled?
Phishing is defined as “an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients” (Rouse, M., 2007).  In layman’s terms, phishing is a scam, and it increased 59% in 2012 from 2011, according to EMC.
Phishers use many ways to disguise themselves.  For instance, they hijack websites (banking sites, retail stores, and online stores, to name a few) and then capture an individual’s account information. Social engineering is also widely used; this is where the perpetrator poses as a representative of a company and sends an e-mail or even calls an individual, stating there is a problem with their account and requesting their account information to fix the error. Scare tactics and intimidation are not beyond the perpetrator’s scope in achieving their goal: garnering information to extract the money.
Phishing is only expected to rise, not fall, due to the onslaught of smartphones.  Capturing an individual’s information as it passes unencrypted through the air is a convenience for the perpetrator, and the multitude of available apps makes smartphones and their users a perfect target.  Apps on a smartphone are not much different from a website.  The individual thinks the app is valid, but in reality it’s hard to tell.  Since the apps are well disguised, it’s easy to build code into an app that is capable of capturing a user’s account information without them even knowing it.
However, all is not lost.  Phishing can be mitigated through education and a little attention to detail.  Below are a few tips to help keep information safe.  Of course, the list is not all-encompassing, but it’s a good start in keeping each one of us from becoming another victim.
Some tips:
- Never, ever give out your account information to anyone; banks and places of business will never ask for it.

- If you receive a request through e-mail, look at the link; chances are, the URL is different from the real website’s address.

- Pay attention to detail and don’t be intimidated.  Many perpetrators try to use intimidation to garner your information.  Scare tactics such as threatening to turn off your utilities or sending your name to a credit bureau if you don’t comply are methods perpetrators will employ in hopes you’ll give in.  Don’t fall for it.

- Keep software, such as anti-spyware and anti-adware programs, up to date.

- Be careful what you say in the open.

- Use good common sense: if something doesn’t seem right or feel right, chances are, it isn’t right.
 
 
 
References:
Rouse, M. (2007).  Phishing.  Retrieved from http://searchsecurity.techtarget.com/definition/phishing
The Year in Phishing (January 2013).  Retrieved from http://www.emc.com/collateral/fraud-report/online-rsa-fraud-report-012013.pdf
 
