Thursday, September 30, 2010

Re: [www.keralites.net] Is this message a real one or fake? Please advice



FYI

Suspicious results and strange behavior: Phishing attacks

What is phishing?

Phishing is a type of attack whose goal is to steal private information, such as login credentials or credit card numbers, usually to carry out various types of financial fraud. An attacker impersonates a trusted entity, such as a bank, government, ISP, or large web site, and tries to trick people into giving up their private information. These attacks often take the form of "urgent" emails asking people to take immediate action in order to prevent some impending disaster. Examples include topics such as the following:

  • "Our bank has a new security system. Update your information now or you won't be able to access your account."

  • "We couldn't verify your information; click here to update your account."

  • Sometimes the email claims that something awful will happen to the sender (or a third party), as in "The sum of $30,000,000 is going to go to the Government unless you help me transfer it to your bank account."

People who click on the links in these emails may be taken to a phishing site - a web page that looks like a legitimate site they've visited before, but is actually controlled by an attacker. Because the page looks familiar, people visiting these phishing sites enter their username, password, or other private information on the site. What they've unknowingly done is given a third party all the information needed to hijack their account, steal their money, or open up new lines of credit in their name. They just fell for a phishing attack.

The concept behind such an attack is simple: Someone masquerades as someone else in an effort to deceive people into sharing personal or other sensitive information with them. Phishers can masquerade as just about anyone, including banks, email and application providers, online merchants, online payment services, and even governments. And while some of these attacks are crude and easy to spot, many of them are sophisticated and well constructed. That fake email from "your bank" can look very real; the bogus "login page" you're redirected to can seem completely legitimate.

What you can do to avoid phishing attacks

The good news is there are things you can do to steer clear of phishing attacks and phishing sites:

  • Be careful about responding to emails that ask you for sensitive information. You should be wary of clicking on links in emails or responding to emails that are asking for things like account numbers, user names and passwords, or other personal information such as social security numbers. Most legitimate businesses will never ask for this information via email. Google doesn't.

  • Go to the site yourself, rather than clicking on links in suspicious emails. If you receive a communication asking for sensitive information but think it could be legitimate, open a new browser window and go to the organization's website as you normally would (for instance, by using a bookmark or by typing out the address of the organization's website). This will improve the chances that you're dealing with the organization's website rather than with a phisher's website, and if there's actually something you need to do, there will usually be a notification on the site. Also, if you're not sure about a request you've received, don't be afraid to contact the organization directly to ask. It takes just a few minutes to go to the organization's website, find an email address or phone number for customer support, and reach out to confirm whether the request is legitimate.

  • If you're on a site that's asking you to enter sensitive information, check for signs of anything suspicious. If you're on a site that's asking for sensitive information -- no matter how you got there -- check for the signs that it's really the official website for the organization. For example, check the URL to make sure the page is actually part of the organization's website, and not a fraudulent page on a different domain (such as mybankk.com or g00gle.com.) If you're on a page that should be secured (like one asking you to enter in your credit card information) look for "https" at the beginning of the URL and the padlock icon in the browser. (In Firefox and Internet Explorer 6, the padlock appears in the bottom right-hand corner, while in Internet Explorer 7 the padlock appears on the right-hand side of the address bar.) These signs aren't infallible, but they're a good place to start.

  • Be wary of the "fabulous offers" and "fantastic prizes" that you'll sometimes come across on the web. If something seems too good to be true, it probably is, and it could be a phisher trying to steal your information. Whenever you come across an offer online that requires you to share personal or other sensitive information to take advantage of it, be sure to ask lots of questions and check the site asking for your information for signs of anything suspicious.

  • Use a browser that has a phishing filter.The latest versions of most browsers include phishing filters that can help you spot potential phishing attacks

On Wed, Sep 29, 2010 at 6:32 PM, Venu Haridas <venuharidas@gmail.com> wrote:
Friends,

I received a message as follows

Is this a genuine message or a fake one?

Computer experts in the group please reply.

Message as received
from Gmail Service <gmailtech.service@gmail.com>
sender-time Sent at 1:14 PM (GMT-07:00). Current time there: 8:25 AM. ✆
reply-to Gmail Service <usonlineservice@gmail.com>
to
date Wed, Sep 29, 2010 at 1:14 PM
subject New Alert!

Our science & technology team has recently launched Google web software to protect and secure all Gmail Accounts. This system also enhanced efficient networking and fully supported browser. You need to upgrade to a fully supported browser by filling out the details below for validation purpose and to confirm your details on the new webmaster Central system.

Account Name:
Pass word:
Country:
Date of Birth:

Note: Your Account will be disabled permanently if you failed to provide the details below within 72hours. Gmail will not be heard responsible for your negligence.

The Google web Service.


www.keralites.net


__._,_.___


KERALITES - A moderated eGroup exclusively for Keralites...
To subscribe send a mail to Keralites-subscribe@yahoogroups.com.
Send your posts to Keralites@yahoogroups.com.
Send your suggestions to Keralites-owner@yahoogroups.com.

To unsubscribe send a mail to Keralites-unsubscribe@yahoogroups.com.

Homepage: www.keralites.net




Your email settings: Individual Email|Traditional
Change settings via the Web (Yahoo! ID required)
Change settings via email: Switch delivery to Daily Digest | Switch to Fully Featured
Visit Your Group | Yahoo! Groups Terms of Use | Unsubscribe

__,_._,___

No comments:

Post a Comment