Phishing Expedition

Phishing
Pronounced fishing. The word phishing refers to creating a fake replica of an existing Web page to fool people into submitting private, confidential, or financial information.

If your elders warned you that you shouldn't believe everything you see... perhaps they were right. Bad guys can get you to click on URLs in emails or on their Web sites that take you to fake Web pages that look very real. Sometimes the fake page will even appear to use Secure Sockets Layer (SSL), because its address starts with https instead of http. To put the icing on the cake, the fake Web page will even show you the lock icon in the lower right-hand corner of Internet Explorer to assure you that the information you type is secure.

Still not convinced? Check out the following phishing demos.

Demo #1 - Fake Symantec Web site
Click here to view a fake Symantec Web page. Click on one of the items on the menu, for example "Purchase" to verify that it's a fake page. What you've seen is a fake page designed by DSLReports to report a flaw in Internet Explorer that allows people to create fake Web sites that can hide true addresses.

Now, if you want to see the real Symantec Web page, type http://www.symantec.com/ in your browser and see the difference. What you've witnessed is a flaw in Internet Explorer that can potentially be exploited.

Demo #2 - Fake PayPal Web site
Click here for another demo that shows you a fake PayPal Web site.

Demo #3 - Fake Microsoft Web site
Click here for a fake Microsoft Web site.

Solutions
So what can you do to protect yourself from such phishing expeditions? Here are some of the solutions:

1. Type the URL manually in the address bar to make sure that you are going to the correct address. For example, if you want to go to PayPal's Web site, type https://www.paypal.com/ in the address bar instead of clicking on a link on someone else's Web site that takes you to PayPal's site.

2. Do not click on URLs in emails to go to Web sites where you purchase products or manage finances at a financial institution. Type the URLs manually, or use Internet Explorer favorites that you saved after reaching the Web site by manually typing its address.

3. Disable Internet Explorer's active scripting, which allows you to run scripts and ActiveX code. However, this may affect your browser's functionality.

4. Wait for Microsoft to come out with a patch. Unfortunately, Microsoft has rated this bug as "moderately critical." This is unfortunate given that Microsoft has ignored some very serious security flaws in Internet Explorer for a long time, some for more than a year. For more information, go to http://www.techgalaxy.net/default.asp?link=security and click on Security Holes.

Click here to learn more about the word phishing.


Copyright ©2004 Zubair Alexander. All rights reserved.