Of the many techniques to leach away value from web e-consumers and e-commerce in general, PHISHING is the worst and easiest to implement, all it takes is a web page look-a-like and an ip packet sniffer to gather email addresses. It’s so easy in fact that it is wildly used and has reached epidemic proportions. The most targeted sites are banks, ecommerce sites like ebay and payment services like paypal. Generally phishers send email to target victims prompting them to login into fake look-a-like forms that look legitimate but are designed to capture your credentials. Logging into these forms will divulge your user and password information and put it in the hands of those who will exploit your account.
It’s incredibly difficult to detect fraudulent emails – as phishers have become increasingly sophisticated in their attacks creating logging pages that look very authentic and are very cleaver in prompting you to login. One thing these phishers can’t do is install these pages on the targeted sites domain. So there are certain characteristics in the URL the Internet users should look for, that are common to many spoof emails and give them away very easily.
In order to protect your self you must be very vigilant when following links from email. The URL in the address bar should be a dead giveaway so always make sure your address bar is visible and always have a good hard look to see if the url is leading to the site’s domain in question and not to some weird ip address or a fake domain. Be very vigilant here and look at the domain spelling they may have a very close copy of the original domain. If the URL doesn’t start with a valid domain then don’t go any further. Make sure to set your browser to detect phishing site by turning on automatic website checking. (Note; In Internet Explorer this setting is under Tools/Internet Option/Advanced tab/Phishing Filter this will not catch all of them) If you’re not familiar with URL’s and IP’s to distinguish them then always access these sites from a new browser window or from a trusted bookmark or link.
If you realize that your email is a phishing email then report the fake buy forwarding it to the sites email address designated for this. For eBay this email is firstname.lastname@example.org and paypal it’s email@example.com check your ecommerce site most of these have an account set up enabling you to communicate this information to the web master.
If you feel like retaliation might be in order then goto PhishFighing’s web site. PhishFighting is an ingenious site that turns things around on the fraudster. The site was setup to flood phishering sites with fake information, both usernames and passwords. When you receive your next spoof email simply visit the site and enter the web address of the phishering site into PhishFighting.com. Every twenty seconds, a fake entry is submitted to the site making any genuine details of victims hidden between the hundreds of fake entries
Beinging aware is the most important step against phishers and sharing these tips will go a long way to eliminate this practice and help buildup buyer’s confidence online.