Phishing is the act of attempting to acquire sensitive, confidential or security information by pretending to be a trustworthy entity in an electronic communication. It is becoming more and more sophisticated, so it is imperative that we re-educate ourselves to ensure we all know how to detect phishing attempts and avoid becoming victims.

The act of phishing involves the following stages:
· Planning: The phisher decides which business to target and determines how to get e-mail addresses for the customers of that business.
· Setup: The phisher creates methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
· Attack: The phisher sends a phony message that appears to be from a reputable source.
· Collection: The phisher records and collects the information victims enter into Web pages or popup windows.
· Identity Theft and Fraud: The phisher uses the information gathered to make illegal purchases or otherwise commit fraud.

Two common techniques of Phishing are:
Link Manipulation: this is a form of technical deception that makes a link appear to belong to the spoofed organization. For example, see two links below – purportedly from GTB Plc and FEDEX:
If you move your cursor over the link without clicking on it, the real link is displayed as shown below:
Website Forgery: this deception makes a fake website appear to be that of the spoofed organization. The URL in the example above takes you to a fake website that looks like that of GTB.

Recently, it has been observed that many people have received e-mails supposedly from GTB, First Bank, Fedex, and other financial institutions.
Please note that financial institutions will never e-mail or telephone customers to ask for their account number or other personal or security details. If you receive an e-mail claiming to come from your financial institution and requesting personal account information, do not provide the details. You should never give your account, security or personal details in response to unsolicited communications claiming to be from any financial institution. Also, if you receive any e-mail from other institutions you do not have an account with, kindly disregard and delete it.

In conclusion, please note that using your company-provided e-mail address on online social sites, newsgroups, forums and in other online activities exposes your e-mail address and the domain name to persons with malicious intent (e-mail-harvesting spammers).
Whenever in doubt, we encourage you to avoid clicking on any suspicious-looking link or opening any such e-mail(s); kindly contact the IT Service Desk immediately.
