| |
The fraudsters are able to send millions of fraudulent e-mails that, apparently, seem to come from secure Web sites, such as your bank or company issuing credit cards that require you to provide confidential information.
What does a phishing scam?
With increasing experience of the authors of computer fraud, messages and pop-up windows used to defraud users become more sophisticated.
often include the logo and other identifying data apparently authentic and actually learned from companies' websites.
The following is an example of an e-mail message used for phishing.
Example phishing email: the message contains a deceptive URL address linking to a fake Web site
To show more authentic the e-mail message, the author of the fraud may insert a link to the good appearance of the original Web site (1), which actually leads to a false website specially crafted (2) or opens a popup window faithfully reproduces the authentic Web site.
These imitations are often called spoofed Web sites. Once inside one of these spoofed sites, you may inadvertently users to enter personal information that is sent to the author of the fraud.
Locating The fraudulent e-mails
Here are some expressions that can be found in messages sent by the authors of a phishing scam.
"Please confirm the details of its account." Companies
series should have no need to ask you to provide passwords, login information, social security number or other information via email.
If you receive an e-mail message from Microsoft asking you to update credit card information, do not respond to the message: this is definitely a phishing scam. For more information, read Sending fraudulent e-mail messages that require credit card information to Microsoft customers .
"If we do not receive a response within 48 hours, your account will be closed."
These messages often emphasize the urgency of the response to induce to act without stopping to think. The phishing e-mails with implementing this procedure, arguing that, in the absence of a response, you may encounter problems with your account.
"Dear Customer."
counterfeit messages are usually sent in bulk to many recipients and do not contain the name or surname individual users.
"Click the link below to access your account."
within messages in HTML format, you can insert links or fillable forms similar to those found in Web sites
Links that are required to use may contain all or part of a company's true name and are usually "masked" or the provided link does not match the reality, but refers to another Web site, usually prepared by the author of the fraud.
Look at the following example: If you hover your mouse over the link in the box with the yellow background is revealed the real Web address the link. The string number is significantly different from the address of the Web and this is a very suspect.
Example of masked URL address
The fraudsters also use URLs that appear to match the name of a famous company, but in reality, thanks to the addition, deletion or transposition of certain letters are slightly different. For example, the URL "www.microsoft.com" could be written as:
www.mi c osoft.com
www.mi rc osoft.com
www. verify -microsoft.com
From: http://www.microsoft.com/italy/athome/security/email/phishing.mspx
| |
0 comments:
Post a Comment