Bill Williams (IT): Support Site
[home]
|
[profile]
|
[register]
|
[help]
|
[Contact Us]
Revise:
Note: You must be registered in order to post a Topic or Comment.
To register,
click here
.
Note: Only the poster of this message, and the moderator can edit the message.
Your UserName:
Your Passkey:
Forgot your passkey?
[Click Here]
Byline:
for Staff use.
Body Text:
For a guide to
embellishing
the text,
click
here
[h3]Phishing[/h3] The fake email above is a simple instance of what is generally known as phishing [Phoney fishing ?] Most often it is not an attachment but a link in the email that is fake Which is why it is best to always view your emails as plain text. It's nice maybe to have those pretty emails with logos and backdrop paper textures etc, but its far safer to look at them as plain text so that you do not get fooled by fraudsters. Here is a phishing attempt I received some time ago. It pretends to be from HSBC and tells me about fraudulent attempts. [quote]Hsbc Bank plc. is hereby announcing newly upgrade security system. We have been dealing with cases of fraudulent messages in recent times and we have decided to carry out a verification exercise on all of our customers account to prevent them from being victimized. Due to the recent security upgrade, you are requested to follow the link below.http://www.hsbc.co.uk/1/2/personal/pib-home/ We appreciate your understanding, as we work towards making Hsbc Bank a safe and reliable place to do business. Thank you for your patience in this matter. [/quote] And here is the actual text of the key sentence: Due to the recent security upgrade, you are requested to follow the link below.<a href="[red]http://www.manualdirectory.co.uk/menu/hs/index.php[/red]">[green]http://www.hsbc.co.uk/1/2/personal/pib-home/[/green]</a><br><br> The RED bit is where it will actually go if you click the link (a crim's website), the Green bit is where it LOOKS as if it will go if you view your email in HTML pretty format. REMEMBER: Real Banks will never ask for this kind of information. If you see an email of this type delete it without compunction. :-)smile Another typical phishing attempt: [quote] Dear Citibank Customer, We recently noticed one or more attempts to log in to your Citibank account from a foreign IP address and we have reasons to believe that there was attempts to compromise it with brute forcing your PIN number. No successful login was detected and you have full protection by now. If you recently accessed your account while travelling, the unusual login attempts may have been initiated by you. The login attempt was made from: IP address: 173.127.187.124 ISP Host: cache-822.proxyserver.cis.com By now, we used many techniques to verify the accuracy of the information our users provide us when they register on the Site. However, because user verification on the Internet is difficult, Citibank cannot and does not confirm each user's purported identity. Thus, we have established an offline verification system to help you evaluate with whom you are dealing with. The system is called CitiSafe and it's the most secure Citibank wallet so far. If you are the rightful holder of the account, click the link bellow, fill the form and then submit as we will verify your identity and register you to CitiSafe free of charge. This way you are fully protected from fraudulent activity on all the accounts that you have with us. Click to protect yourself from fraudulent activity! To make Citibank.com the most secure site, every user will be registered to CitiSafe. NOTE! If you choose to ignore our request, you leave us no choice but to temporally suspend your account. * Please do not respond to this e-mail, as your reply will not be received. Regards, Citibank Customer Support [/quote] [blue]In phishing attempts, of course, the target website is preset to look exactly like or in the same style as the real Bank's website. And it contains a fake login page. Some really crafty techniques are used, such as superimposing an invisible page on top of the real page from the bank. and/or using man-in-the-middle techniques whereby the info the victime types in is also passed to the real bank and the victim ends up logged into his bank for real without realising that his/her credentials have been stolen.[/blue] On a real bank, the login page will be a SECURE page, check the address bar; it should begin with HTTPS with that extra S there indicating SECURE. Bill.
Check here to include your profile signature.
Check here Remember Details.
Go to Home Page