
Phishing / Identity Theft explained.
Phishing (email) is a common practice used by online scam artists to obtain personal details such as online bank account details and username / password combinations used for other online services. The methods employed by these individuals often include email campaigns where the email sent is a carefully crafted replica using logos and other imagery from the financial institution or online service, but with links within the email pointing back to their own servers, where usernames, passwords and personal information are obtained.
The most common form of email phishing campaign is the bank scam, where an email is received that appears to come from your online financial institution asking you to re-enter your details because of a server outage / data loss that the supposed financial institution has experienced. An example of a phishing email is displayed on the right hand side of this page with an explanation of why it is dangerous.
The technique used by most Phishing attacks is to display a link in the body of the email which looks legitimate but which links to a completely different server address.
An example of this is given below. Although each of the links displays http://www.anz.com, when you click on them your browser will load content from two very different locations. Click on each of the links to see the result.
http://www.anz.com
http://www.anz.com
Phishing attempts can be very professional looking, containing carefully crafted code which hides the real address in your Internet browser as well as obscuring other telltale signs of identity phishing. Although most phishing emails contain text only with a link to the scammer's site, others use the full gamut of graphics effects to give the impression of professionally produced content.
Click here for an example of a professionally crafted phishing email (you may need to allow popups from this site if you use a popup blocker).
MailWash protects your incoming email against phishing attacks by scanning the content of links within the message and warning you should there be a difference between the link displayed in the body of the message and the actual destination should you decide to click on that link. If a difference is found between the links then a warning is inserted in the message advising you that the email may be a Phishing attack.
Coupled with the use of our ClamAV virus scanner which protects against hundreds of known phishing scams, you have very little chance of ever receiving an email containing a Phishing attempt when MailWash protects your servers or inbox.
If you believe you've received an email that contains a phishing attempt, forward the email in HTML format to the following address for analysis. We will respond ASAP with an overview of the message and whether it was fraudulent or not.
phishing@mailwash.com.au
Tips to protect you from Phishing scams.
Step 1: Never respond to requests for personal information via e-mail
Microsoft and most legitimate businesses will never ask for passwords, credit card numbers, or other personal information in an e-mail. If you do receive an e-mail requesting this kind of information, don't respond. If you think the e-mail is legitimate, contact the company by phone or through their Web site to confirm. See Step 2 for the best ways to get to a Web site if you think you've been targeted by a phishing scam.
For a list of sample phishing scam e-mails that people have received, check the Anti-Phishing Working Group Phishing Archive.
Step 2: Visit Web sites by typing the URL into your address bar
If you suspect that an e-mail from your credit card company, bank, online payment service, or other Web site you do business with is not legitimate, don't follow the links to the Web site from an e-mail message. Those links may take you to a spoofed site that might send all the information you enter to the scam artist who created the site.
Classic examples are Phishing emails that claim to come from eBay and PayPal.
Even if the address bar displays the correct address, don't risk being fooled. There are several ways for hackers to display a fake URL in the address bar on your browser. Newer versions of Internet Explorer make it more difficult to spoof the address bar, so it's a good idea to visit Windows Update on a regular basis and update your software. If you don't think you'll remember to update or if you prefer to have the updates downloaded automatically, you may be able to configure your computer for Automatic Updates. See Windows Automatic Updates.
Step 3: Check to make sure the Web site is using encryption
If you can't trust a Web site by the address bar, how do you know it's likely to be secure? There are a few different ways. First, before you enter any personal information, check to see if the Web site uses encryption to transmit your personal information. In Internet Explorer you can do this by checking the yellow lock icon on the status bar as shown in the following illustration.
This symbol signifies that the Web site uses encryption to help protect any sensitive personal information (credit card number, Social Security number, payment details) that you enter.
Double-click the lock icon to display the security certificate for the site. The name following Issued to should match the site you think you're on. If the name differs, you may be on a spoofed site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave the Web site.
To find out more ways to determine if a site is safe, read How Internet Explorer Keeps Your Data Safe.
Step 4: Routinely review your credit card and bank statements
Even if you follow the three steps above, you may still become a victim of identity theft. If you review your bank statement and credit card statements at least monthly, you may be able to catch a scam artist and stop them before they cause significant damage.
Step 5: Report suspected abuses of your personal information to the proper authorities
If you feel you have been a victim of a phishing scam, you should:
Immediately report the scam to the company that's being spoofed. If you're unsure how to contact the company, visit the company's Web site to get the correct contact information. The company may have a special e-mail address to report such abuse. Remember not to follow any links in the phishing e-mail you received. You should type the known Web site address for the company directly into the address bar in your Internet browser.
Content from http://www.updatexp.com/phishing.html