One strategy to combat phishing is to train people to recognize phishing attempts and to teach them how to deal with them. Education can be effective because training provides direct feedback. Spear phishing, a form of phishing targeted at a specific company, has been harnessed to train individuals at various locations, including the United States Military Academy at West Point, NY. In a spear phishing experiment conducted in June 2004, 80% of 500 West Point cadets were tricked by a fake email and revealed their personal information.
People must take steps to protect themselves from phishing by slightly modifying their browsing habits and taking appropriate measures. When asked to reveal any personal and sensitive information, such as account details or a password, it is always wise to contact the company from which the email apparently originates to check that the email is legitimate. Alternatively, the user can type the address of the website they know to be legitimate into the address bar rather than trusting any hyperlinks within the suspect message.
Nearly all websites contain information that is not directly available to phishers. PayPal, for example, always addresses users by their user names and not by a generic name such as “Dear PayPal Customer”. This can be used as a means of identifying whether the website is real or fake. Some financial institutions use their customers' account numbers as a way to authenticate messages. According to recent research, however, customers typically do not distinguish between the first few digits and the last few digits of an account number, which is a significant problem, since the first few digits are the same for most financial institutions. People's suspicion can be aroused if they do not find any specific personal information in their messages. However, phishing attempts in early 2006 included personal information, so it is unsafe to assume that a message is safe merely because it carries personal information. Furthermore, according to recent research, people hardly pay attention to whether personal information is present, and hence the presence of this personal information does not bring down the success rate of phishing attacks.
The Anti-Phishing Working Group predicts that conventional phishing attacks will become obsolete in the future due to growing public awareness of phishing. They predict that pharming and other forms of malware will become useful in stealing information.
It would be a courteous act for everyone to educate people about safe practices and to avoid dangerous ones. Unfortunately, even well-known players are known to incite users to hazardous behavior, for example by requesting that their users reveal their passwords for third-party services such as email.