Saturday, January 20, 2007

Beware of Phishing !

There is an article in rediff today about "How thieves rob you online" which is informative and alarming too. The article says $6 billion is stolen by phishing till now globally !
I am sure any one who reads this blog will have an Bank account and would have operated his/her account online. With the increase in number of online transactions (Financial transaction in the Internet); online fraud also grows proportionally. (I leave it to some one to calculate the amount of fraud to amount of online transactions !)
What is Phishing ?
Acquiring sensitive information such as Bank Account Numbers, Credit Card Numbers, Personal information through web communication by misrepresentation is generally termed as Phishing. This information is then used for committing a fraud.
A Simple Example
It is quiet tough when some one is intentionally trying to cheat. A simple example is you try to login to your bank account with an address like www.icicibank.com but when you type you type it as http://www.icicbank.co.in/ or http://www.icicbank.com which are actually wrong address. Notice the difference in the spelling. What happens if some one is using the wrong address intentionally to commit fraud by designing their website similar to your bank account ? You might not notice the difference and simply try to login with your user id and password. The person captures the information and uses it to login to your account to commit a fraud. Theoretically all these frauds can be traced back but do you need to risk ?
This is just one way. Read the information provided by your banks on security carefully and understand them. Generally a lot of people ignore such communication.
How to counter Phishing ? or How not to become a Victim of Phishing ?
Simply follow the golden rules
1. Never share your login id and passwords of your email, bank account etc.
2. Do not share your credit card number to any one.
3. Do not send these information even to the organisation which has issued this. A Trustworthy organisation will never ask this from you !
4. Do not use the same password on all web sites.
5. Frequently change the passwords.
6. Do not use simple passwords which every one can guess it.
7. Use a browser with Anti phishing software. Browsers like internet explorer 7, Mozilla Firefox 2.0 Opera 9.1 supports anti phishing options. Enable these options.
There are Banks like HSBC which issues a secure pin generator which is to be used in addition to your password. Hope other banks also implement such security features soon. Similarly most of the Bank implement in secure web site (https://infinity.icicibank.co.in/ Watch the "s" after "http" : "https"which denotes that security has been enabled on the web page.)
I know any software consultant would appreciate the contents above and will also add more such golden rules !
Am i following the rules given above ? Not yet; i think it is time for me to follow them !
Mohan Raman V

No comments: