Friday, January 15, 2010

An Article on Credit card 'phishing'

Before I go ahead with this topic of Credit Card Phishing let me briefly explain the term phishing According to wikipedia

“computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to "catch" financial information and passwords.”

"Phishing" has recently become a familiar phrase in the banking business. It is a form of fraud: Phishing is when thieves pretend to represent legitimate companies, contact consumers and extract their credit card information. Then the phishers go shopping. For the victims, it's not funny.

How it works
Phishing starts when a consumer receives an official-looking e-mail from a business. The e-mail looks in every respect like one from a trusted source, such as a bank or e-Bay. The fraudulent e-mail will come with all of the right wording and company logos and will typically profess to be doing a security check, requiring the customer to verify private information.

Consumers who fall for the phishers' scheme click on the ad or call the number and then volunteer their vital banking information: Social Security and account numbers. Then the trouble starts.

Protecting yourself from phishing
Experts say this is the key: Do not give out personal information when you have not initiated the conversation.

Unless you initiated the call, DON'T give out:
• Your date of birth.
• Your Social Security number.
• Your mother's maiden name.
• The three-digit security code on the back of your card.
The phone tricks:Don’t fall for it

Do not give your information out even if someone calls and says they are with your credit card company and are investigating a potential identity theft. Ask for the caller's phone number, and offer to call back. A scammer is unlikely to give you a number. Even if he or she does, don't call back; just report it to authorities. If you call and surrender your account information, kiss your money goodbye: Thieves can use your credit card to shop online in complete anonymity.

If you get a suspicious e-mail, forward it to your bank or retailer. Most of them have internal security teams that want to stay abreast of the latest phishing techniques.

Always keep one thing in mind that Computers don't steal, people behind computers do steal .

No comments: