Phishing
2. What is phishing? Visit 2 banking websites and discuss their responses to the threat of phishing. Cite at least 2 sources.
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites (Youtube, Facebook, Myspace), auction sites (eBay), online banks (PayPal), or IT Administrators (Yahoo, ISPs, corporate) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose URL and look and feel are almost identical to the legitimate one. Even when using SSL with strong cryptography for server authentication it is practically difficult to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users [2], and exploits the poor usability of current web security technologies [3]. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and the first recorded use of the term “phishing” was made in 1996. The term is a variant of fishing,[4] probably influenced by phreaking,[5][6] and alludes to baits used to “catch” financial information and passwords. - Wikipedia.com
I was shocked to see just how truly authentic some of these phishing e-mails can look. I bank with Wachovia, and typed “phishing” into the search bar on the home page (www.wachovia.com). They have an entire page of topics and links dedicated to consumer education regarding banking scams, but specifically phishing along with about five or so examples of phishing e-mails. Its amazing how convincing these e-mails look and “sound”. I can see how it’s incredibly important for a lending institution, or for that matter any online retailer that processes money and customer information via an account, to educate their customers on these type of scams.
Bank of America (www.bankofamerica.com) had a whole page devoted to educating their customers as well; while Suntrust (www.suntrust.com) as well as BB&T Bank (www.bbt.com) had consumer education pages also, however theirs were a bit shorter. Unfortunately a couple of the smaller banks websites, such as EVB (www.evbbank.com) and Bank of Richmond (www.gatewaybankandtrust.com) didn’t have these type of pages. Certainly they should as they deal in online banking which could certainly expose their customers to these type of scams.
Overall, if someone keeps their wits about them and stays educated to this type of consumer fraud; as well as what to be aware of when conducting any online business, they can certainly keep their money and information safe.
I agree all banks should have this information on their websites, especially for the individuals who may not be as familiar with dealing with the internet and email. Thieves use different ways to obtain your information like phone calls, text message, or etc. Educating individuals about this threat is the best way to avoid criminals to gain access to your information. Phishing seems like it is getting more advance and banks will need to continue updating their security and software to protect their clients.
While I love the Internet and using it to do my banking and buying, I have become sceptical when one of hte questions asked is for your social security number. I get at least one or two calls a day trying to sell me something whether it be products, insurance, offering a credit card,etc. If someone calls and says it is one of my credit card companies and wants to verify I am how I say I am and they ask for my social secuirty number, I won’t give it to them. If they ask for the last 4 digits of my social security number, I am comfortable giving the info. They are merely verifying that they are indeed talking to me. They have my social, why would I have to give it to them again. Giving the last 4 digits is sufficient. I emjoyed reading your blog. It is obvious that you did a lot of research. I had thought about doing my post on Phishing, but changed my mind.
I’ve only received a few phishing emails. All of the ones I’ve read have had comically poor grammar. Its a little disturbing to see and read some of the better emails and websites out there. They are convincing.
Luckily most sites and financial institutions have ways of letting someone report if they have been phished fairly easily.
Its also surprising to hear that some of the smaller banks do not have informational pages on their websites. It would seem that this is a problem effecting all financial institutions. I wonder if these banks still have the means to easily report if someone has been scammed.
I am a person who loves to shop on the internet. I will only shop from familiar sites like QVC.com or JCP.com. If I need to find a product I will only search websites I am familar with. I am so afraid of giving out my credit card information to the off the wall companies. I know ebay is suppose to be safe but that one makes me nervous. I do my banking on-line and I feel secure with that website because I trust my bank takes all precautions to keep my information safe. I will not ever go to my banks website through an email they sent for the fear it might not actually be them.
I do my banking online, but I have everything setup to automatically pay. I prefer to do that over autodrafting, where I give a company my bank info and they take it out monthly, I feel I have the control. I will have to check to see how much information my bank has on phishing, it will be interesting.
Where I work we have to take credit card and bank information over the phone for customers/members to pay on their accounts and we have to watch putting the info in notes. The customers/members will ask us to use the card or account we have on file but they can still dispute the charge – we have no signature.
I think the 3 digit pin number that the banks and credit card companies have started putting on the back of the cards are great, the only thing is if the card is physically stolen.
I think it is funny when you pull up to a drive up ATM machine and the passenager is standing outside the car doing the transaction, do they not trust the driver with their card for the couple of minutes they will have it to put it into the ATM and then the pin number to enter. The driver will not remember the card number because more then likely they are not even going to look at the card and for them to use it later they would have to have the card in their hand to your the pin number.
Have we become that bad of a society that we do not even trust our friends or relatives with a debit/ATM card for a couple of minutes even when we are sitting right beside them? I hope not, I give my boyfriend my card anytime at a gas pump so I do not have to pump the gas and give him the pin number too and he does the same if I am driving and we stop at his ATM for cash, he hands me the card and tells me his pin number and you know what I could not even tell you his pin number right now; we have done this at once a month.
[...] 15, 2008 · Filed under Uncategorized Phishing by [...]
My Comments « Kmaryland’s Weblog said this on November 16, 2008 at 2:03 am
[...] Phishing by [...]
My Comments « Har1eygur1’s Weblog said this on November 19, 2008 at 3:10 am
[...] Phishing by [...]
My Comments « Andrew5952’s Weblog said this on November 23, 2008 at 4:50 am