Monday, August 1, 2011

PHISHING - Can your Browser protect you?

"When facts fail, reasons prevail."
You must be wondering why I used this quote at the beginning (I know none of you will have heard it, because I created it while writing this blog).
This is what phishing is all about. There has been a lot of buzz about the phishing scams that occur now and then, which mostly target lame internet users (sometimes experts). These users know almost all the technical advancements the internet can provide us, like using email, net banking, social circling etc. These are the building facts of the world wide web. But when there is some mishap (stealing of passwords, bank accounts etc.), they realise that the reason behind it could be something we call a phishing scam.
Before I tell you some interesting facts about phishing and its countermeasures, let's find out what exactly a phishing scam is.

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of the social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

There are numerous techniques exposed so far, but I am mentioning only the most commonly used scams here.

Link manipulation

Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL,, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. 
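
The two tricks described above (a misspelled URL, and a brand name used as a subdomain of someone else's site) can be checked mechanically by comparing a link's registrable domain with the domains the organization really owns. This is an added example, not part of the original post: the hostnames are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```javascript
// Added example (not from the original post). All hostnames are constructed.
// Assumption: the registrable domain is the last two labels of the hostname, or
// the last three for the few two-level suffixes listed here; production code
// should consult the Public Suffix List instead.
const TWO_LEVEL_SUFFIXES = new Set(["co.uk", "co.in", "com.au"]);

function registrableDomain(hostname) {
  const labels = hostname.split(".");
  const take = TWO_LEVEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return labels.slice(-take).join(".");
}

// Classic Levenshtein edit distance, used to catch misspelled domains.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// trustedDomains: registrable domains the organization really owns.
function classifyLink(href, trustedDomains) {
  let host;
  try {
    host = new URL(href).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return "invalid";
  }
  const owner = registrableDomain(host);
  if (trustedDomains.includes(owner)) return "trusted";
  // Labels to the left of the registrable domain, e.g. ["www", "yourbank"].
  const subLabels = host.slice(0, host.length - owner.length).split(".").filter(Boolean);
  for (const trusted of trustedDomains) {
    const brand = trusted.split(".")[0];
    // Brand name appears only as a subdomain of a domain someone else owns.
    if (subLabels.includes(brand)) return "brand-in-subdomain";
    // Registrable domain is a near miss of the real one (misspelled URL).
    if (editDistance(owner, trusted) <= 2) return "lookalike-domain";
  }
  return "unrelated";
}
```

The subdomain check is the one that matters for the case in the paragraph above: the part of the hostname that decides who owns the site is its right-hand end, not the first familiar word in it.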

Filter evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.

Website forgery

This is the most widely used phishing technique. We can say that website forgery is a superset of the other two phishing scams, namely link manipulation and filter evasion, because it is basically the forged link or the web page that is mostly transferred as the target page.

Phishing Facts


MessageLabs, a company that manages email security, reports a vast increase in phishing emails in the past six months. In September, 2003, the number of phishing emails the company saw was 279. By January of 2004, the number had risen 1200 percent to 337,050. Meantime, the Anti-Phishing Working Group, an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing, reports more dangerous facts. In April, the attacks increased 180%, and reports show 15 of the top 20 targeted organizations are financial institutions.
  • 1 in 5 Americans were the target of phishing attacks during the last year.
  • 57 million consumers have received phishing emails.
  • Out of 4 million consumers who encountered fraud last year when opening a new online account, over 50% said they also received a phishing e-mail.

India holds the dubious record of being among the top 10 countries where sites involved in "phishing" are hosted the most, according to a new report released by the Anti-Phishing Working Group.


Site Maintained by Prerna