NETIZENS BEWARE, OF SPOOF EMAILS If you are an internet user, the matter relates to you Internet, has made our life a lot easy, from research to sending emails, sharing photo, chat rooms, messenger, bill payment, shopping, air/railway/bus ticket, to social networking, are just a matter of few clicks. The latest boon is netbanking/mobile banking which spare us from standing in queue in banks for financial transactions. Unfortunately, in such activities we put a lot of personal information on the internet, which Cyber Criminals use (or misuse) to commit fraud on us. This article discusses about an online fraudulent attempt called Spoof or Phishing Email.
Lets have a look at email below, for instance : Due to the congestion in all Yahoo! users and removal of all used Old and New Accounts, Yahoo! would be shutting down all used Accounts, You will have to confirm your E-mail by FILL IN all requested Information below after clicking the reply button, or your account will be suspended within 48 hours for security reasons. The personal information requested are for the safety of your Yahoo! Account. * Full Name : ……………………………….. * Email : …………………………………….. * Password : ……………………………….. * Date of Birth : ………………………….… * Occupation : …………………………..…. * Country or Territory : ……………………. Warning!!! Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account permanently. NOTE: Your information will not be shared and your password is safe. Sincerely, Yahoo! Member Services Case number: 8941624 Property: Account Security Contact date: 06-04-2010
Can anyone suspect foul play in the email above? It is confirmed that Yahoo did not sent the mail. Then who sent it? If your guess is Cyber Criminals you are right. Such mails which fraudulently collect personal information are called Spoof or Phishing Emails. If we are not cautious and reply to such emails, the pranksters will use the password to open our email account, change password so that we are not able to login, and send messages from our ID to all from our contact list requesting to send money into pranksters account by citing varied reason from illness to arrest. The damage is often irreversible. Lottery Scam : Everybody wants to become rich. If it happens to be through lottery, we consider ourselves lucky and tend to do whatever is asked, to claim the prize. Cyber criminal use this instinct to lure us by sending emails which promises money won in millions of dollars, based on random selection of emails by computer. The winner is asked to send personal information including bank a/c details, password etc to claim the prize money. Sadly, those who respond to such emails loose their email account details, bank account information, credit card
details etc and end up loosing whatever money they had. The point to ponder is we never won a lottery for which we bought tickets then how can we win by not doing anything. Online banking fraud : I was surprised by a mail from a pay site informing that my account usage has been limited and asked to click on a given link to resolve the issue. Since I was not using that particular paysite, I grew suspicious and reported the matter upon which the paysite informed that the email was indeed a spoof; a phishing attempt to collect netbanking password. I discussed the matter within my peer, one of my friend reported receiving such email from a nationalized bank. Clicking on the given link opened a page which looks similar to the banks original netbanking login page. Careful observation revealed that the address displayed on the address bar was not of the bank. But the thing is how many of us will check the address bar before we press Enter. Cyber criminals thrive on this attitude to commit fraud. Now the question is what to do to prevent such fraud? Besides installing an up-to-date Antivirus software, we need to know and follow some basic rules : * First and foremost - Password is confidential to its owner. Never disclose your password to anybody. No bank will ask its customer to reveal password, it is not allowed. * Create passwords by mixing alphabets, numbers etc. The password should not be a conventional word found in dictionaries. Never use name/nickname, mobile/vehicle number, date of birth etc for passwords. * Always log on to your netbanking site by typing the address in your browser yourself. Never login through links provided in emails, even if you decide to login, type the address in the address bar yourself. * Always see that login page URL address begins with https: and a padlock is seen in the address/status bar. The letter “s” means website is safe/transaction is secured. Clicking on the padlock should display the sites security certificate. * Never carry out netbanking transactions in cybercafé or browsing centers’, they may steal our password. * Never disclose personal information such as phone number, address, etc. It is better to keep such information away, even from social networking sites. There are lots of instances when unsuspecting people lost money since they failed to identify phishing mails and responded. Few cases have been reported from A&N Islands also wherein peoples lost money by responding to SMS. It is important we share our knowledge on the issue and make people aware of such frauds. So, netizens next time when you want to be online, type the sites address yourself, look for https: specially “s” and a padlock in the address/status bar of login page before pressing Enter.
debkumar_bhadra@yahoo.com
- DEBKUMAR BHADRA Shore Point, Bambooflat, S Andaman-744107