Need for consumer awareness <ul><li>Increase in use of the internet for business activities like B2C </li></ul><ul><li>Online payments through credit cards, electronic wallets, electronic cash. </li></ul><ul><li>Also transfer of funds from online bank account portals etc. </li></ul>
The screenshots of the websites shown were not of authentic websites! THEY ARE FRAUDULENT WEBSITES - A CLASSIC EXAMPLE OF PHISHING!
Phishing <ul><li>“Fishing for personal information” </li></ul><ul><li>Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. </li></ul><ul><ul><li>Anti-Phishing Working Group </li></ul></ul>
Examples of phishing
From: Customer Support [mailto:email@example.com]
Sent: Thursday, October 07, 2004 7:53 PM
To: Eilts
Subject: NOTE! Citibank account suspend in process
Dear Customer:
Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow: http://220.127.116.11/citifi/ . Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R)
Regards, Citibank(R) Card Department
(C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC.Citibank and Arc
<ul><li>Never click on hyperlinks </li></ul><ul><li>Use Anti-SPAM filters </li></ul><ul><li>Use Anti-Virus Software </li></ul><ul><li>Use personal firewalls </li></ul><ul><li>Keep all software updated </li></ul><ul><li>Always look for https on sites that ask for “personal information” </li></ul><ul><li>Keep computer clean from Spyware </li></ul><ul><li>Know about fraudulent activity on the Internet </li></ul><ul><li>Check your credit report immediately for free! </li></ul><ul><li>If unsure, ask! </li></ul>
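The warning signs in the sample e-mail above (a plain http link whose host is a bare IP address rather than the bank's own domain) can be checked automatically. The following is an added example, not part of the original slides; the function names, the reason labels and the placeholder domain `bank.example` are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Link sentence copied from the sample phishing e-mail on this page.
SAMPLE_BODY = (
    "Please use our secure counter server to indicate that you have signed on, "
    "please click the link bellow: http://220.127.116.11/citifi/ ."
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_is_ip_literal(host):
    """True when the host part is an IP address instead of a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_links(body, claimed_domain):
    """Return [(url, [reasons])] for every link found in an e-mail body.

    claimed_domain is the domain the sender claims to represent
    (hypothetical placeholder here: bank.example).
    """
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:)!?")          # drop sentence punctuation
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if parts.scheme.lower() != "https":
            reasons.append("not-https")
        if host_is_ip_literal(host):
            reasons.append("ip-literal-host")
        elif host != claimed_domain and not host.endswith("." + claimed_domain):
            reasons.append("host-outside-claimed-domain")
        if "@" in parts.netloc:              # text before '@' is not the host
            reasons.append("userinfo-in-url")
        findings.append((url, reasons))
    return findings


if __name__ == "__main__":
    for url, reasons in triage_links(SAMPLE_BODY, "bank.example"):
        print(url, "->", ", ".join(reasons) or "no flags")
```

An empty reason list only means none of these checks fired; it does not prove that a link is safe.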
What is Spyware? <ul><li>Any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. </li></ul>
PHARMING <ul><li>Pharming occurs when a hacker redirects website traffic from a legitimate website to the hacker's fraudulent website by exploiting vulnerabilities in the Domain Name System (DNS). By corrupting a computer's knowledge of how a site's domain name maps to its IP address, the attacker causes the victim's computer to communicate with the wrong server, a technique known as domain hijacking. </li></ul><ul><li>By constructing a fake web site that looks like a legitimate site that might ask for the user's personal information, such as a copy of a bank's website, the fraudster can "phish", or steal by means of false pretenses, a victim's passwords, PIN or bank account number. The combination of domain hijacking with a phishing website constitutes pharming. </li></ul>
Although many such sites use the Secure Sockets Layer (SSL) protocol to identify themselves cryptographically and prevent such fraud, SSL offers no protection if users ignore their web browsers' warnings about invalid SSL server certificates. Such warnings occur when a user connects to a server whose SSL certificate does not match the address of the server.
<ul><li>In an online auction scheme, a fraudster starts an auction on a site such as eBay or TradeMe with very low prices and no reserve price, especially for typically high-priced items like watches, computers, or high-value collectibles. The fraudster accepts payment from the auction winner, but either never delivers the promised goods, or delivers an item that is less valuable than the one offered, for example a counterfeit, refurbished, or used item. </li></ul><ul><li>Online retail schemes involve complete online stores that appear to be legitimate. As with the auction scheme, when a victim places an order through such a site, their funds are taken but no goods are sent, or inferior goods are sent. </li></ul>
<ul><li>The best we can do is be aware of all the scam activities around us and keep our eyes open and take extra precaution!! </li></ul><ul><li>Prevention is better than cure!! </li></ul>