
What is phishing?

Phishing, an expression derived from "password fishing", is an illegal way of collecting personal information, such as passwords and bank or credit card account details, by sending misleading and fraudulent e-mails.

For security reasons, METU-CC never sends e-mails asking users to update information such as account names or passwords.

How to discover phishing

It is technically possible to set the "From" line of an e-mail so that it misleads users. It is crucial not to open links in e-mail messages that demand updates to your personal information or make similar requests.

Never click on links in an e-mail that asks you to update personal information such as credit card details or passwords. For security reasons, establishments that provide services on the internet, such as banks, brokerage houses and internet service providers, never send requests to update user information by e-mail. If you receive such an e-mail, contact the organization concerned and confirm whether the contents of the e-mail are actually valid.

Recently there has been an increase in the number of e-mails sent to mislead users and obtain their personal information. As time passes, it becomes harder and harder to detect such bogus e-mails. Therefore, in case of doubt, check whether the e-mail was sent specifically to you. Look at the "To" section to see whether only your e-mail address is listed or whether the message was sent in bulk under a general user name. If the e-mail has not been sent specifically to you and the content is suspicious, you can regard that message as fake or spam. Suspicious contents can be as follows:

  • Looking for candidates to work for high pay.
  • I'm the son of the richest tribes chief of Africa, have inherited a large sum, could you help out?
  • Congratulations, you've earned the biggest prize, click on the link to accept.

The fake web pages linked from bogus e-mails have several characteristics in common.

  • Generally the pictures are low quality.
  • When you check the address line, you can observe that the connection made is not to the web page intended but to some other address or maybe directly to an IP number.
  • Some bogus e-mails are also sent to collect e-mail addresses. Avoid e-mail messages with instructions like "click on the attached file in order to ...".
  • Do not click on message lines like "if you do not wish to receive similar e-mails click here to unsubscribe" in order not to be flooded with spam e-mail.
  • There are also e-mail messages that may be real but are most probably bogus, which attract users' attention with their social content. Such e-mails cause loss of time and resources. Topics like charity donations, help for an ill child, the need for a wheelchair, or requests to forward the e-mail to as many people as you can are all examples of bogus e-mail.
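The "To" check and the address check described above can be automated. The following is an added example, not METU-CC code: it parses a constructed sample message and reports whether it was addressed only to you and whether any link leads to an IP number or to a host outside the organization's real domain. The function names, the sample message and the `bank.example` / `example.edu` addresses are all assumptions made for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and address is a placeholder.
SAMPLE = """\
From: Example Bank <alerts@bank.example>
To: all-users@lists.example
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, <a href="http://192.0.2.15/login">log in here</a>,
<a href="http://www.bank-net.example/sms">pick SMS services</a> or
<a href="https://www.bank.example/help">read our help page</a>.</p>
"""

class HrefCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_message(raw, my_address, real_domain):
    """Return the warning signs found in a single-part HTML message."""
    msg, findings = message_from_string(raw), []
    # The "From" line is not trusted here, because it can be set freely.
    to = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if to != [my_address.lower()]:
        findings.append("not addressed only to you")
    parser = HrefCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href in parser.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if is_ip(host):
            findings.append(f"link goes to IP number {host}")
        elif host not in ("", real_domain) and not host.endswith("." + real_domain):
            findings.append(f"link goes to {host}, not {real_domain}")
    return findings
```

Calling `check_message(SAMPLE, "user@example.edu", "bank.example")` returns three findings: the bulk recipient, the IP-number link and the look-alike host.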

Phishing e-mail examples

 -------- Original Message -------- 

From: XXXX Bank
To: metuusermetu.edu.tr
Date: Sun, 16 Jan 2011 07:21:55 +0200
Subject: E-Mail/Your GSM Number

Dear XXXX Bank Customer,

Any information you wish to get at goes through our E-mail / SMS services.

XXXX Bank Internet Banking users should indicate their E-mail account / GSM number along with their customer information so as to receive alerts and announcements. Thanks to this warning system any transactions on your account will be conveyed on you as a daily or instantaneous report according to your instruction. Furthermore if you wish, you may have information on economy, daily info, reminders, and other similar detail sent to your cellular or e-mail address at no cost.

Please indicate your e-mail account / GSM number along with your personal information by clicking here.

After you enter the Internet Banking site, click on E-Mail / SMS Services by selecting the services you wish to get you can start making use of our services.

CLICK FOR INTERACTIVE BANKING > http://www.XXXXbank_net.com

Best regards,

XXXX Bank

-------- Original Message -------- 

From: XXXXbankXXXXbank.com.tr (eychennebigfoot.com)
To:metuusermetu.edu.tr
Date: Tue, 18 Jan 2011 10:40:53 -0400
Subject: Dear Customer

Dear Customer,

We have detected that there has been trials to get to your account from different IP addresses. If you have tried to access your bank account during a travel this can be accounted for the above activity. However, if this is not the case, we strongly recommend that you apply to your bank at your earliest convenience in order to check all your account information.

http://www.XXXXbank_net.com

Thank you for your patience.

Best regards,

XXXX Bank
 

-------- Original Message --------
From:securitymetu.edu.tr
To:metuusermetu.edu.tr
Date: Tue, 7 Feb 2011 17:18:12 +0900
Subject: Account Alert

Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended within 24 hours for security reasons.

metuusermetu.edu.tr/confirm.php?account=metu.edu.tr

After following the instructions in the sheet, your account will not be interrupted and will continue as normal.

Thanks for your attention to this request. We apologize for any inconvenience.

Sincerely,

METU Security Department