Wednesday, June 18, 2008

Phishing: Examples and its prevention methods

Phishing, also known as carding or spoofing, derives its name from the use of sophisticated lures such as e-mails designed to look like they come from a real company or institution. These lures are created by unsavory characters to "fish" for users' financial information, credit card details, and passwords.
Generally, in computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. PayPal, eBay and online banks are common targets. Phishing is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of the social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.


A common example is a phishing e-mail impersonating PayPal. In an example PayPal phish, spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. Other signs that the message is a fraud are misspellings of simple words and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.
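The clues listed above can be turned into a simple heuristic check. The following is an added example, not code from the original post; the two sample messages and the small misspelling list are constructed for illustration, and the check is a teaching aid rather than a substitute for a real mail filter.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (not real mail): one suspicious, one plausible.
PHISH = """<p>Dear valued customer,</p>
<p>We detected unusal activity. Your account will be suspended unless you
<a href="http://192.0.2.10/paypal/login">confirm your identity</a> within 24 hours.</p>"""

LEGIT = """<p>Hi Alice,</p><p>Your monthly statement is ready.
<a href="https://www.paypal.com/statements">View statement</a></p>"""

# Tiny constructed list standing in for a real spell checker (assumption).
COMMON_MISSPELLINGS = {"unusal", "recieve", "verfiy", "acount"}

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
GENERIC_GREETING = re.compile(r"\bdear\s+(valued\s+)?(customer|user|member|client)\b", re.I)
THREAT = re.compile(r"\b(suspended|suspension|terminated|locked|closed)\b", re.I)


class LinkExtractor(HTMLParser):
    """Collect the href of every <a> tag in the message body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def phishing_clues(html: str) -> list[str]:
    """Return the clues from the post that are present in an HTML message body."""
    clues = []
    parser = LinkExtractor()
    parser.feed(html)
    text = re.sub(r"<[^>]+>", " ", html)  # crude tag strip for the text heuristics
    for href in parser.hrefs:
        host = urlparse(href).hostname or ""
        if IPV4.match(host):  # link target is a raw IP address, not a brand domain
            clues.append(f"link points at a raw IP address: {host}")
    if GENERIC_GREETING.search(text):
        clues.append("generic greeting instead of the recipient's name")
    if THREAT.search(text):
        clues.append("threat of account suspension or similar consequence")
    misspelled = sorted({w for w in re.findall(r"[a-z]+", text.lower()) if w in COMMON_MISSPELLINGS})
    if misspelled:
        clues.append("misspelled words: " + ", ".join(misspelled))
    return clues
```

Running `phishing_clues(PHISH)` reports all four clues, while `phishing_clues(LEGIT)` reports none; as the post notes, an empty result is not proof of legitimacy.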

There are several prevention methods available. We can separate online interaction into four steps:
(i) Message retrieval. An e-mail message or web page arrives at the user's personal computer from the Internet.
(ii) Presentation. The message is displayed in the user interface, the user perceives it, and the user forms a mental model.
(iii) Action. Guided by the mental model, the user performs an action in the user interface, such as clicking a link or filling in a form.
(iv) System operation. The user's action is translated into system operations, such as connecting to a web server and submitting data.
Existing defenses against phishing attacks can be classified according to which of these four steps they address.
