This is what someone said about FISHING: “A stick and a string with a fly at one end and a fool at the other.” But now we are talking about PHISHING.
And in this context the maxim changes thus: “A mail along with a spoofed website (URL) at one end and unsuspecting customers at the other.”

PHISHING

In computing, phishing, short for Password Harvesting fishing, is the luring of sensitive information, such as passwords and other personal information, from a victim by masquerading as someone trustworthy with a real need for such information.
The term was coined in the mid-nineties by crackers attempting to steal mailing accounts. Such accounts began to be called ‘phished’, but since then, ‘phishing’ has become much more sinister than just ‘playful’ hacking. Users of online banking or e-commerce sites are the main targets. The players now ‘phish’ for user IDs, passwords, credit card numbers and the like.
Phishers often dangle bait in the form of attractive online offers. Your in-box could contain a simple message from an authentic-looking address (that of your bank) seeking confirmation of your credit card number, or it could be a link to a cloned website. Either way, you end up parting with private information, and from there with funds from your bank or credit card account.

Methodology

Typically the email will appear to come from your bank (or any other financial institution, or any company which provides transactional services over its website) with a subject and message intended to instigate the addressee into taking action.
A common approach is to tell the recipient that their account has been de-activated due to a problem and inform them that they must take action to re-activate it. The same email provides a convenient link that takes the recipient to a fake webpage appearing to be that of a trustworthy company. Once at that page, the user enters personal information, which is then captured by the fake party.
A checklist to identify faked e-mails:

- The email specifically states it's not a scam. It's kind of like when a cop stops a guy for speeding, and he immediately sputters out, "I didn't murder anybody! You can't prove anything!"

- The email requires immediate action of some sort, especially when it's out of the blue. Many emails would say something like "Account verification needed" or "Update your information," threatening to "terminate the account" if you fail to do so. Skepticism is your friend.

- The email asks you to email back sensitive information. There is virtually no legitimate business that will ask a customer to do this; the typical email usually has no protection and is very insecure. Put it this way: if your bank actually uses this as a method of verifying account information, you need to switch banks.

- The email contains a link, which leads to a form where you're told to input your sensitive information. These forms are often cleverly duplicated pages on a phisher's site; phishers duplicate the general format of a company's page right down to the logos, layout, and fonts to create a sense of legitimacy. The information you provide in the form, however, will be sent to the phishers for them to enjoy.

- The email contains typos or blatant grammatical mistakes. These companies hire people to write actual customer service emails; it's what they do. A typo isn't a big deal, and a split infinitive isn't something to get too worried about. However, in particular, you should watch out for:
    o Two or more typos/misspellings.
    o Run-on sentences, like "We need to confirm your information, thank you for your time."
    o Weird capitalization, like "You are a Valued customer, and we appreciate Your business."
    o Blatantly bad syntax, like "Our records is indicating your information are outdated."
    o Incorrect brand spellings, like an eBay representative writing "Ebay" or "e-Bay."

- The email is impersonal. In many cases, legitimate organizations will provide some sort of personalized information in the email; for example, your account number or your first name ("Dear Ashis"). The goal of phishers' emails is to get this information, so obviously they wouldn't have it. Thus, the email is impersonal ("Dear Valued Customer") with no personalized details.
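The checklist above can be turned into a first-pass mail triage. The following is an added example, not part of the original article: it runs several of the checklist items as patterns over a constructed message and also flags links whose host is outside the sender's domain. The rule names, the phrase lists, the sender-domain comparison and the placeholder domains are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real message); all domains are placeholders.
SAMPLE = """\
From: "Your Bank" <support@bank.example>
Subject: Account verification needed

Dear Valued Customer,
This is not a scam. Our records is indicating your information are outdated.
Update your information within 24 hours or we will terminate the account.
Reply with your password, or confirm at
http://bank.example.verify-login.test/session/update?id=8f3a
"""

# One pattern per checklist item; the exact wordings are assumptions.
RULES = {
    "denies_being_scam": r"\bnot a (scam|hoax|fraud)\b",
    "urgent_action": r"verification needed|update your information"
                     r"|terminate (the|your) account|within \d+ hours",
    "asks_for_secrets": r"\b(reply|send|email)\b[^.]*\b(password|pin|card number)",
    "impersonal_greeting": r"^dear (valued )?(customer|user|member|client)\b",
}
BRAND_MISSPELLING = re.compile(r"\b(Ebay|e-Bay)\b")  # case-sensitive on purpose

def off_domain(host, sender_domain):
    """True when host is neither the sender's domain nor a subdomain of it."""
    return not (host == sender_domain or host.endswith("." + sender_domain))

def triage(raw):
    """Return the sorted checklist indicators that fire for a plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part text/plain message
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = {name for name, pat in RULES.items() if re.search(pat, text, re.I | re.M)}
    if BRAND_MISSPELLING.search(text):
        hits.add("brand_misspelling")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = [urlparse(u).hostname or "" for u in re.findall(r'https?://[^\s<>"]+', body)]
    if any(off_domain(h, sender_domain) for h in hosts):
        hits.add("link_off_sender_domain")
    return sorted(hits)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The link in the sample starts with the bank's name but its registered domain is a different one, which is why the host comparison checks the end of the hostname rather than searching for the brand anywhere in it.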

Prevention tips

- Don't download any included attachments. Despite what the email says, most legitimate organizations don't require their customers to download emailed programs to maintain accounts.

- Don't follow any links within the email, especially if the provided link is long and cumbersome. Instead, open a browser window, manually type in the web address of the company (e.g., "http://www.onlinesbi.com") and follow links there.

- Contact customer support of the company that supposedly sent you the email, via email or phone, and ask them to verify whatever claims are being made in the email ("I received an email telling me my account may be canceled if I don't confirm my account number; is this true?"). Do NOT respond to the original email. Get the email address from the company's website after manually typing in the address.

Challenges

Statistically, phishing resulted in a loss of $1.2 billion in the US alone.
This has resulted in investments in the area of anti-phishing software. The business potential for anti-phishing software is expected to be around $200 million in 2004 and is expected to increase up to $1 billion in the next 5 years. India has also been hit by phishing incidents very recently, with ICICI Bank and CitiBank being the affected parties. This has alarmed the various financial and e-commerce institutions operating in India. Banks are now devising ways and means to preempt such attempts on their e-channels. One of the major hurdles in checking such crimes is the lack of a proper legal procedure. Cyber-crime laws are not in place yet in India (and many other developing countries). Therefore, the first and foremost thing to do is to set up legislative systems for detecting, tracking and solving such crimes.
Meanwhile, the old maxim “Prevention is better than cure” is the most apt solution in this case. The way out, therefore, is educating customers and making them aware. The financial institutions should set up communication channels with their customers so that they can report such cases and thereby aid in the process of cyber-crime busting.

Conclusion

Phishing has become a menace and directly affects your financial commitments. Please take preventive measures to protect yourself from being affected. Make sure that you do not reply to mails (or download attachments) without verifying the source or intention of the mail with your bank manager.
In case you have been affected (or even otherwise), please educate your family and friends about this issue.
