PHISHING

1
PHISHING
2
Phishing

• Phishing is the art of sending information to
  people in the hopes that they will supply you
  with personal information about themselves.
• Phishing has been around for many years. It was
  previously done by calling people or sending
  paper letters - but has been perfected with
  the creation of Internet and e-mail.

3

• WHY ?
• If you supply personal information to someone,
  they can open accounts and use your credit to buy
  items for themselves using your name.
• HOW ?
• E-mail is the newest method of phishing e-mails
  are sent to thousands of people at once. These
  e-mails convince the reader to click on a link
  that sends them to a fake website. The website
  prompts the user for personal information and
  sends it back to the sender who uses it for their
  own gain.

4
Here is a sample of a phishing e-mail. As you can
see, it looks very realistic.

• From Chase Online
• Sent Friday, November 28, 2008 1014 AM
• Subject WaMu Chase. Safe Secure - Message id
  XLKLTRZBGWWaMu customers we're proud to
  welcome you to one of the nation's largest banks
  as of September 25, 2008, all WaMu customer
  deposits are now deposits of JPMorgan Chase, one
  of the most stable banks in America.What will
  change Some aspects of the ONLINE SERVICES
  Chase Online and WaMu Online DEADLINE December,
  30, 2008 What you need to do Update your
  information by visiting Chase Online or WaMu
  Online. Log on to your account and you will be
  re-directed to the client information update
  screen.If you have not signed up for online
  access, you can enroll easily by clicking
  "Enroll" at the bottom of the Login page.Please
  do not reply to this message. For questions,
  please call Customer Service. We are available 24
  hours a day, 7 days a week. Sincerely, Carter
  Franke Chief Marketing Officer Member Services

If you click on the link, it would take you to a
very realistic looking (but fake) website.
5
Another sample e-mail
6

• You might see a phishing scam
• In e-mail messages, even if they appear to be
  from a coworker or someone you know.
• On your social networking Web site. (Facebook,
  MySpace)
• On a fake Web site that accepts donations for
  charity.
• On Web sites that spoof your familiar sites using
  slightly different Web addresses, hoping you
  won't notice.
• In your instant message program.
• On your cell phone or other mobile device.
• By receiving a phone call at home.

7
Here is another example of a fake website
8
Here are some other examples of fake sitesfrom
phishtank.com(click to view them)
How to protect yourself Don't use the links in
an email to get to a web page. EVER !! Instead,
log onto the website directly by typing in the
Web address in your browser. Avoid filling out
forms in email messages that ask for personal
financial information. You should only
communicate information such as credit card
numbers or account information via a secure
website or the telephone. Always ensure that
you're using a secure website when submitting
credit card or other sensitive information via
your Web browser. To make sure you're on a secure
Web server, check the beginning of the Web
address in your browser's address bar - it should
be https// rather than just http//.

• 604400
• 604399
• 604397
• 604385
• 604384
• 604383
• 604382
• 604381
• 604380
• 604379