The process of phishing involves:
1- Planning: Phishers decide which business to target and determine how to get e-mail addresses for the customers of
that business. They often use the same mass-mailing and address collection techniques as spammers.
2- Setup: Once they know which business to spoof and who their victims are, phishers create methods for delivering the
message and collecting the data. Most often, this involves e-mail addresses and a Web page.
3- Attack: This is the step people are most familiar with. The phisher sends a phony message that appears to be from a
reputable source.
4- Collection: Phishers record the information victims enter into Web pages or popup windows.
5- Identity theft and Fraud: The phishers use the information they've gathered to make illegal purchases or otherwise
commit fraud.
How to know if an e-mail message is fraudulent?
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
"Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal
information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information,
do not respond; this is a phishing scam.
"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking.
"Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site.
The links that you are urged to click may contain all or part of a real company's name and are usually "masked,"
meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
How to avoid phishing?
- Never respond to an email asking for personal information
- Always check the site to see if it is secure. Call the phone number if necessary
- Never click on the link in the email. Retype the address in a new window
- Keep your browser updated
- Keep antivirus definitions updated
- Use a firewall