Combating Phishing on the Internet


Astronomical growth in Information Technology has become an integral part of our lives, permeating all facets of human endeavour. Every discipline today employs information technology to facilitate and boost its productivity and communication. The internet, while revolutionising business beyond recognition in the past few decades, has also made personal information more accessible. In other words, the internet, while reducing this planet called Earth to a global village, has also blurred the lines between our professional and private lives.

One of the cons of the internet has been the arrival of cybercrime. One major type of cybercrime today is identity theft. In identity theft, a person or a website presents himself or itself as another person or website, assuming that person's or website's identity by appearing exactly like the genuine one. The motive for this identity theft is for the fake person or website to obtain classified data (like credit card details) from unsuspecting victims who believe that they are dealing with a genuine and trusted person or website. Now phishing surely reminds me of the story of Esau and Jacob in the Bible (Genesis 25: 27 – 34). Jacob stole Esau’s identity in order to obtain the blessing Isaac had reserved for his elder brother. Recall that Jacob wore animal skins in order to “feel” like Esau before his blind father. However, even Isaac remarked that the voice sounded like that of Jacob although he felt like Esau. Today’s identity thieves seem to be much smarter than Jacob was because their victims are hardly aged men with dulled physical senses like Isaac. Unless a web surfer is vigilant and careful, he could easily be outsmarted by these criminals lurking behind the facade of trusted names and brands.

Phishing, pronounced as “fishing”, is a luring technique used by hackers or identity thieves to acquire personal and confidential information from a recipient or victim. This information could be a password, an email, a username, credit card details and, oftentimes, money. Most phishing sites masquerade as popular websites such as social media sites, banks and credible, well-known companies, especially information technology (IT) related companies. Often, emails are also sent using email spoofing, appearing to come from a trusted source with links to phishing websites which are often infested with malware. Many internet users do not bother to look at the website’s address carefully or check that the spelling of the site is correct. They get carried away by the seemingly familiar look of the website and forget to check for the many other features that could help identify legitimacy. Malware is malicious software used to gain access to and gather personal and sensitive information, and it can also disrupt normal computer operations. It can come in the form of computer viruses, worms, adware, and spyware. These are tools that are used by hackers and phishers alike.

The growth of phishing in Nigeria has also been very alarming. The Nigerian approach is tricking victims into revealing personal information like account details, ATM PIN, password and phone numbers by deceiving the victim into believing that he or she can make quick and easy money. Alternatively, the victim may be lured by being informed that he or she could just pay a token or opportunity to travel abroad. I once received a mail that I had won a lottery. The mail informed me that I had to simply fill a form and transfer a token sum for my windfall to be processed. I am sure many of you reading this article now may have had experiences similar to mine. I am also sure you have received an SMS that you won some money from MTN Nigeria and that you should call a particular number for further details to make your claim. Bulk SMS today has become a common channel for phishing in Nigeria. Sometimes they (phishers) tell you your account has been deactivated and you need to fill out a form to reactivate your account. Other forms of phishing are African scam letters, where the scammer creates the impression of having so much money and needing assistance with the funds transfer. These are the common approaches to phishing in Nigeria today, and victims are not very aware of these dubious schemes because of how authentic they all look.

In recent times, the growth of social media has actually enhanced the activities of phishers. Most users of social network sites put up their personal data and daily activities online without being cautious about what goes public. A simple approach by a phisher is to go online and look up details of his targets, who could be bankers, company owners, rich kids and interesting users. Phishers study patterns and send a phishing email that could be very appealing to you and make it appear to come from someone you know, with your full name and some major details that will convince you that the mail is coming from a genuine source. They might also have a site similar to a common site you know. Some phishing groups also succeed in defacing common websites and redirecting users from the site to another of their choice, also causing a denial of access to email and, of course, financial losses. According to Wikipedia, it was recorded that from May 2004 to May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, approximated to about $929 million (US dollars), and businesses in the United States suffered over $2 billion in yearly losses as clients became victims of internet scams. This shows how serious phishing could be and its effect on the economy, especially a growing economy like that of Nigeria. Phishing has now been established and recognised as a fully industrialised part of the economy of crime.

There are various techniques used in carrying out a phishing scam. Common approaches include the expert use of scripts like JavaScript to deface and alter the address bar on a browser, and importing or using images from legitimate websites so that the fake site looks authentic. According to Wikipedia, flaws on legitimate sites are also exploited by scammers, making their website look exactly like the real website. This is called website forgery and could be achieved with some technological tools that are also available online for free. A legitimate website can also be placed in an IFrame on another website, with a pop-up also placed to collect sensitive data from victims. These are just a few approaches to carrying out a phishing scam.

Combating and avoiding phishing starts with being enlightened about the techniques employed by scammers. Knowledge is the bedrock of avoiding phishing. Another approach is to use legal as well as technological means to fight phishing and protect users. Furthermore, there is anti-phishing software available, some of it “open source” and some proprietary. Some modern browsers like Chrome, Safari, Firefox and Internet Explorer 10 also come with anti-phishing tools integrated. These are positive approaches by companies to help the public protect their investment, especially in the contemporary world of internet banking and e-commerce.

In conclusion, the Anti-Phishing Working Group has recently compiled a list of recommendations that could help a user avoid phishing and stay protected and safe online. They are listed below:

  • A user has to be suspicious of any email with urgent requests for personal financial information online unless it is digitally signed. (Digital signature – should be our next topic). I will also add that, in our peculiar case, you should beware of unsolicited SMS messages requesting your PIN, password, phone number or any sensitive information.

  • Avoid using links in an email, instant message, or chat to get to any web page if there is any suspicion that the message might not be authentic or you don’t know the sender or user’s handle; rather, look for a phone number and call.

  • Try as much as possible to avoid filling out forms in email messages that ask for personal financial information.

  • Never forget any credit card transaction or financial transaction online. Credit card or financial transactions should be on a secure site via your web browser.

  • Most scam sites do not show the “https://” and/or the security lock. Always, always check the address line for the extra “s” on the “https” before doing any transaction, especially when you are redirected to a payment gateway like Interswitch, Etransact or even Paypal.

  • There are tools that can help protect you against fraudulent websites; they match where you are going against lists of known phishing websites and will alert you.

  • The newer versions of Internet Explorer (versions 10 and 11) include this toolbar, as do Firefox, Chrome, and Safari.

  • Regularly log into your online accounts.

  • Regularly check your bank, credit, and debit card statements to ensure that all transactions are legitimate.

  • Ensure that your browser is up to date and that security patches are applied.

  • Always report “phishing” or “spoofed” e-mails to the following groups:

  1. Use the form on http://www.antiphishing.org/report_phishing.html or email reportphishing@antiphishing.org
  2. Forward the email to the Federal Trade Commission at spam@uce.gov
  3. Also NCC (“http://www.ncc.gov.ng”),
  4. NITDA (“http://www.nitda.gov.ng/”), and
  5. EFCC (“http://www.efccnigeria.org/efcc/index.php/contact-us-2”).

  • Notify the Internet Crime Complaint Centre of the FBI by filing a complaint on their website: 
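Three of the checks in the list above (the “https” in the address, the spelling of the site name, and matching against a list of known phishing sites) can be expressed in a few lines of Python. This is an added example, not part of the original article or of any browser's code; the host lists and the `check_url` and `edit_distance` names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample lists (assumptions for this example, not a real feed).
KNOWN_PHISHING_HOSTS = {"login.examp1e-bank.test"}
TRUSTED_HOSTS = {"examplebank.test", "paypal.com"}


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url):
    """Return the warnings raised for url; an empty list means none fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if host in KNOWN_PHISHING_HOSTS:
        warnings.append("on-blocklist")
    if host not in TRUSTED_HOSTS:
        for trusted in sorted(TRUSTED_HOSTS):
            # One or two characters away from a trusted name: likely misspelling.
            if 0 < edit_distance(host, trusted) <= 2:
                warnings.append("lookalike-of:" + trusted)
    return warnings


if __name__ == "__main__":
    for sample in ("https://www.paypal.com/signin",      # genuine
                   "http://paypa1.com/signin",           # digit 1 for letter l
                   "https://paypa1.com/signin",          # misspelt but https
                   "https://login.examp1e-bank.test/"):  # on the blocklist
        print(sample, "->", check_url(sample) or "no warnings")
```

The misspelt address served over https still raises the lookalike warning, so the extra “s” should be checked together with the spelling of the site name rather than on its own.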

 

Below are links you can visit for more details, resources, and information on phishing:

  1. http://www.privacyrights.org/fs/fs17a.htm
  2. http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
  3. http://www.apwg.org/reports/DOJ_Special_Report_On_Phishing_Mar04.pdf
