Friday, January 15, 2010

Phishing and Spoof - Part 4 - What to do after you recognize Spoof and Phishing

In the previous post I mentioned a few things by which you can prevent Phishing. After a little exposure and experience, you can recognize most Spoof and Phishing.

If you have recognized or come across a Spoof or Phishing attempt, be cautious and act safely to protect your sensitive information. You should also help others stay safe. You can do the following things if you recognize or come across Spoof and Phishing.

1) Spread the word about Spoof and Phishing.

2) Alert services like PhishTank, Symantec and Google about it.
PhishTank URL: http://www.phishtank.com/ (Needs Membership to report or vote)
Google Safe Browsing URL: http://www.google.com/safebrowsing/report_phish/
Symantec Anti Fraud URL: https://submit.symantec.com/antifraud/phish.cgi

3) Alert the company/website which is being Phished.
Some websites may have an email address dedicated to reporting Spoof Emails. Forward the Spoof Emails along with the Full Headers to them. Keep the Spoof Emails in a separate folder, as you may need them later. Email the concerned websites the link of the page used for the phishing.

4) If you are a power user or webmaster, you can research the registrant of the domain, trace the Spoof Email to its server of origin, and look for the IP address and server where the Phishing pages are hosted. Report these to the respective service providers.

5) Write a blog or post about the different Spoof and Phishing attempts you have come across. Share it with your friends.

6) Many More....
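
For step 4, one way to trace a Spoof Email toward its server of origin from the Full Headers, as an added example (not code from the original post). The sample message, the function names and the `.mail.example` suffix standing in for your own mail provider are assumptions; all addresses are documentation values.

```python
import ipaddress
import re
from email import message_from_string

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def external_ips(header):
    """IPv4 addresses in one Received header, minus private and loopback ones."""
    out = []
    for text in BRACKETED_IP.findall(header):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue  # not a valid address, e.g. [999.1.1.1]
        if not any(ip in net for net in INTERNAL):
            out.append(text)
    return out

def trace_origin(raw, trusted_suffix):
    """Return (handoff_ip, claimed_ips) for a raw message.

    handoff_ip is the address your own provider recorded when the mail entered
    its servers; claimed_ips come from older headers the sender could forge.
    """
    handoff, claimed, trusted = None, [], True
    # Servers prepend Received lines, so the first header is the newest hop.
    for header in message_from_string(raw).get_all("Received", []):
        by = re.search(r"\bby\s+([\w.-]+)", header)
        trusted = trusted and bool(by) and by.group(1).lower().endswith(trusted_suffix)
        ips = external_ips(header)
        if trusted:
            handoff = ips[0] if ips else handoff
        else:
            claimed.extend(ips)
    return handoff, claimed

# Constructed sample headers; hosts and addresses are documentation values.
SAMPLE = """\
Received: from mx1.mail.example ([10.0.0.5]) by store.mail.example; Wed, 13 Jan 2010 10:00:05 +0000
Received: from bank.example ([203.0.113.45]) by mx1.mail.example; Wed, 13 Jan 2010 10:00:03 +0000
Received: from webmail ([198.51.100.7]) by smtp.bank.example; Wed, 13 Jan 2010 09:59:58 +0000
From: service@bank.example

body
"""
```

Calling `trace_origin(SAMPLE, ".mail.example")` gives the handoff address to report to the provider that owns it. The claimed addresses sit below your provider's own headers, so they are only what the sending side wrote.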

Please share the information about Spoof and Phishing and the methods to identify and prevent it.


Thursday, January 14, 2010

Phishing and Spoof - Part 3 - Few Tips to Prevent Getting Spoofed and Phished

In the previous post I mentioned a few things which will help you recognize potential Spoof and Phishing. In this post I will give some tips which will help you recognize and prevent Spoof and Phishing.

A Few Tips to Prevent Being Phished:

1) Browser and Add-ons:
It is better to use browsers like Mozilla Firefox or Opera, as they are more secure compared to Internet Explorer. Enable the Status Bar of your browser.
Do not install unnecessary toolbars, add-ons or plug-ins in the browser.
Disable the JavaScript features which let a page hide the Status Bar, hide the Address Bar, change the Status Bar text, or disable or replace context menus. These features may prevent you from recognizing Phishing attempts.
Check whether you can resize a pop-up window. If you cannot, it is better to change to a different browser like Firefox or to enable the options which allow you to resize pop-up windows. Check the help pages of your browser or ask for help in a web forum.

2) Internet Surfing Habit:
It is a good habit to type the address of the bank or other financial service company rather than clicking a link in emails or on other non-standard websites. Alternatively, use the Bookmarks/Favourites of the browser. Do not use third-party web services or online bookmarking services to bookmark the addresses of financial company websites.

3) Look for "HTTPS" and Address Bar Text:
Look for "https://" and check the URL in the Address Bar on the page where you log in to the website.

4) Look for "PadLock" symbol:
Look for the PadLock Symbol in the Status Bar of your Browser.

5) Use Anti-Phishing Browser Features:
Some browsers have Anti-Phishing features, and some antivirus software also helps prevent Phishing by alerting you when you come across a Phishing or forged website.

Some Measures for Keeping Your Sensitive Information Secure:
1) Do not publicly mention the email address which is associated with your bank account or other corporate concerns.
2) Use different email addresses for personal, corporate, official, social and financial purposes, with different passwords. Use an email address from services like BoxBe.com for public activities like posting in forums and commenting on blogs.
3) Do not share credit card details and other such information.
4) Never use facilities like "Invite your Friends .." on social websites which ask you to enter your email account username and password. This will expose not only your email account but also the email addresses present in your address book.
5) Never enter your email address into websites which you are not familiar with. In such situations, use an email address provided by a service like BoxBe.com, which has very good anti-spam measures.

So be careful when you enter your email address into a website. In my next post I will tell what you can do if you recognize or come across a Spoof or Phishing.
Phishing and Spoof - Part 4 - What to do after you recognize Spoof and Phishing


Wednesday, January 13, 2010

Phishing and Spoof - Part 2 - Recognize Spoof and Phishing

In the previous post I gave a small intro to Phishing and Spoof. In this post I will mention a few things to consider by which you can recognize potential Spoof Emails sent for Phishing.

1) Some of the things to look for when you get an email claiming to be from a company of which you are a member:
You may get many emails from different companies, but be careful when you get an email asking you to enter some sensitive data.

When you get an email requesting you to enter sensitive data by clicking a link in the email, look at the From Address, From Name, To Address, Sent Date, Full Email Headers, how the email addresses you, the data you are asked to enter, the Link Text, the Linked Address, etc.

From Address and Name:
Some companies declare the email addresses they use to send emails to their members. In most cases, however, the From Address of a Spoof Email appears to be the official address, because the phishers forge the From Address of the emails. Sometimes the From Address has small variations which are not easily noticeable.

If you get an email claiming to be from a bank of which you are not a member/customer, asking you to verify your account information, you can tell straight away that it is a Spoof Email which has been sent to you for Phishing.

To Address:
If the email is sent only to you and directly to you, your email address appears in the To Address of the email, and there will not be any other email address there.

If there are other addresses in the To Address of the email, then you are not the only recipient of the email. Some senders enter the addresses into the BCC field of the email so that the other email addresses are not displayed.

So be careful about clicking a link in an email of which you are not the only recipient and where your address is not in the To Address.

Sent Date:
Some send the email future-dated, e.g. the sent date will be some date in the year 2020. Such emails appear at the top of the email list in the Inbox. If the email is sent with a past date, it will appear in the middle or at the end of the email list in the Inbox.

Be careful if you get such emails.

Full Email Headers:
It is a good habit to look at the Full Email Headers of emails which appear to be sent by a company such as a bank, a shopping site or a financial services company, as it may sometimes prevent you from being Phished.

Sometimes the From email address may be different from the Reply-To email address, or the originating domain of the email may be a different one. So it is better to check for these things.

How the Email addresses you:
Some companies have a policy which mentions how the member (you) will be addressed in their emails.
E.g.: PayPal addresses its members by their names in its emails. So if you get an email claiming to be from PayPal but it addresses you in some way other than by your name, say "PayPal Customer", you can clearly tell that the email is not from PayPal.

The Data you are asked to enter:
Some emails ask you to reply with your username and password or other sensitive information, but such emails are less common nowadays. Go through the company's policies and check whether they send any emails asking for sensitive information. Most corporate companies have a policy that they won't send any emails asking you to send passwords or any other sensitive information.

Some emails may tell you that your account is blocked or has some suspicious activity and ask you to use the link in the email to log in to the website. Never click such links. It is safer to use the contact form, a support ticket or the telephone to contact the company. You can also send an email to the address provided by the company on its official website rather than replying to the email or clicking the link in it.

If you want to log in to the company's website, open a new browser window, enter the website address of the company into the address bar and use the login options on the website rather than opening the website by clicking the link in the email.

The link Text and Linked Address (URL):
The Link Text in the email may appear to be the same as the official website address, but the Link Text can be made to link to a different URL.

It is better to hover the mouse over the Link Text for a while and look at the text in the Status Bar. Usually it will be different from the official website address, unless the link is scripted to show a different text in the Status Bar. You can also right-click on the link, open its properties and check the URL it is linked to.

Some use URL shortening services to shorten long URLs into small ones. Be careful when clicking such URLs. Never enter any sensitive information into pages which appear after clicking a shortened URL.

The URLs can be scripted in such a way that the page opens in a new window or tab without an Address Bar. Never enter any sensitive information into a page which has no Address Bar and Status Bar and which appears as a result of clicking a link in an email, as it can be a Phishing attempt.
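
The header and link checks described in this post, combined into one script as an added example (not code from the original post). The sample message, the shortener list, the finding names and the recipient address are assumptions made for the illustration.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed, illustrative list
# Simple <a href="...">text</a> matcher; enough for a single-part HTML body.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):  # hostname of a URL or of link text like "www.bank.example/x"
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def domain(value):  # domain of the address in a From or Reply-To header
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def check_email(raw, my_address, now):
    """Return the warning signs found in one message; `now` is timezone-aware."""
    msg, found = message_from_string(raw), []
    if domain(msg["Reply-To"]) not in ("", domain(msg["From"])):
        found.append("reply-to-differs-from-from")
    to = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in to:
        found.append("not-in-to-address")
    elif len(to) > 1:
        found.append("other-recipients-in-to")
    if msg["Date"]:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.tzinfo is None:  # a "-0000" zone parses as naive; treat as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        if sent - now > timedelta(days=1):
            found.append("future-dated")
    for href, text in ANCHOR.findall(msg.get_payload()):
        text = re.sub(r"<[^>]+>", "", text).strip()
        if host(href) in SHORTENERS:
            found.append("shortened-url")
        elif re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
            found.append("link-text-differs-from-target")
    return found

# Constructed sample; every address and host is a reserved example name.
SAMPLE = """\
From: "Example Bank" <service@bank.example>
Reply-To: collect@mailbox.example
To: undisclosed@lists.example
Date: Wed, 15 Jan 2020 10:00:00 +0000

<a href="http://bank.example.account-check.test/">https://www.bank.example/login</a>
"""
```

Pass the raw message source (with Full Headers), your own address and the current time. A forged From Address that exactly matches the official one produces no finding here, so an empty result does not prove the email is genuine.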

These are only a few of the many things to be considered to recognize Spoof and Phishing. In my next post I will mention a few things by which you may prevent Phishing.
Phishing and Spoof - Part 3 - Few Tips to Prevent Getting Spoofed and Phished


Tuesday, January 12, 2010

Phishing and Spoof - Part 1 - Introduction

"Phishing" is the term used for obtaining sensitive information through the use of fake webpages. Users are usually sent official-looking forged emails with a link to the Fake Page and asked to enter sensitive information into it.

"Spoof", or Spoof Email, is a forged or fake email which appears to be sent by some reputed company. It usually contains the link to the web page which is used for Phishing and tells you to update your account details or to provide a password or some other sensitive data.

The Fake Page used for Phishing is very similar to the official web pages of the particular company (usually financial service companies). Usernames, passwords, credit card numbers, PINs, bank account numbers, birthdays, mother's maiden name, etc. are some of the common sensitive information which the Fake Page usually collects.

Some consider Spoof and Phishing not too serious and think that at most it may result only in some financial loss. But Spoof and Phishing can be used to get sensitive information which can later be used for illegal activities.

The sensitive information can be used to log in to your email account and send abusive or threatening emails to some authorities. It can be used to log in to your online bank account and transfer funds to a person who uses them for illegal activities, with your funds as the source. This can result in you getting into trouble for things which you have not done.

After careful investigation it may turn out that only your account was used and that you were not actually involved, but that is secondary. It depends on the facilities available to investigate and the co-operation of the service providers. And the mental trauma which you go through is really bad.

So Spoof and Phishing can really result in dangerous things. If you are careful and try to recognize Spoof and Phishing, you can protect yourself from getting Phished.

In this post I have given a simple introduction to Spoof and Phishing. In my next post I will mention a few things to consider in order to recognize Spoof and Phishing.
Phishing and Spoof - Part 2 - Recognize Spoof and Phishing


Monday, January 11, 2010

Simple way to get your own Domain Name : Loki Domain Guide

Well, many people find it difficult to choose which registrar to use or where to register a domain name.

It can be done in very simple 4 steps:

  1. Visit a Domain Registration service provider. Enter the name of the domain you want to register in the search box and select the extensions you like. If the domain name you are searching for is already registered, try a different extension or a different domain name. I register the domains with GoDaddy (x.co), BigRock, and Net4, as they offer many services for free and the domain registration/renewal prices are very low.
  2. Once you find an available domain name and you wish to register it, add the domains you wish to register to the Cart and create an account if you are not a member of the site.
  3. Enter all the required details in the sign-up form (if you are not already a member) and the Whois data.
  4. Confirm the order and pay the invoice to get the order activated. On average, a standard domain name costs about $9 or Rs.400 per year, including features like DNS, domain and email forwarding, whois privacy, etc.
  5. You will receive an email once the domain gets activated.
  6. You can start using the domain for web hosting, or forward it to another address if you do not have a website to host. You can also park your domain name or just keep it as it is for future use.

Why should you register a domain name?
There are many reasons:
  1. For your web presence: your own domain name is the standard form of web presence, rather than subdomain and folder-based internet addresses.
  2. To provide information related to something, whether personal, professional or business.
  3. E-commerce, online business and corporate web presence. Your own or a corporate email address.
  4. Hobby and passion.
If you do not want to pay to register a domain name before gaining some knowledge of the Internet, domains and websites, you can go for a free domain (which is actually a sub-domain that works like a domain name).

Register a free domain name and use it as a workplace and workspace to gain more knowledge about how domains and websites work.


All the things mentioned in my blog by me are My Opinions and My Thoughts If they are Not Facts.! If anyone is offended by the content, please tell me with reasons.
All mentioned trademarks, copyrights and logos belong to their respective owners. - kslokesh.com

Lokesh's Blog: blog.kslokesh.com, hosted on Blogspot.com (Blogger.com).