Online Identity theft: Phishing

Identity theft is a very commonly used term in recent years, which has found its manifestation in various forms. Many countries are waking up to this relatively new term acting as a promising avenue for criminals. They are churning laws to label identity theft as a crime and looking into the system for loop holes. Phishing is an online manifestation of identity theft, which involves obtaining confidential information from an individual. In simple terms, when identity theft is conducted through e-mail, it is known as phishing.

Types of phishing

The various types of phishing attacks are as follows:
· Email imitating original companies luring people into sharing their credit card numbers.
· Emails imitating error pages of same websites enticing people into sharing their passwords.
· Spear phishing in which message looks like as if it has come from your employer or colleague.
· Lottery winning emails
· Donation emails
· Emails enticing people to click the links and download attachments that may ultimately end in corrupting host’s files.
· Web Trojans, the pop ups over the log in screens which seems as if you are entering the information in the original site.
· Phishing that involves injecting malicious content in the original site that can take the user to other sites and make them installs malicious software.

The hackers make the pages look legitimate by putting actual company logos, the look and feel of the web pages are made almost exactly same by using fonts from the original site and providing the links which seems to take you to actual sites but are completely fake. The common thing in all the phishing mails is asking for confidential information. Phishing can lead to financial losses, corrupted machines, email access denials and sometimes complete image assassination.

Tips to tackle phishing

Phishing attacks can only be prevented if a normal user of Internet is aware of the various forms of phishing and have the ability to recognize them and deal with them. Here are few tips to deal with the phishing attacks:

· On receiving an unexpected email asking for your information, call the involved company and enquire about it.
· Usually mails from the banks or other financial institutions address the customers by their names, so look for these signs.
· When entering the information on a financial site, check whether the page is secured or not. This can be known by a small lock appearing in the browser’s status bar.
· Completely prevent yourself from being enticed by lottery winning emails until you are actually expecting it. Do not click the links provided by any chance.
· Before going ahead with donations, contact the mentioned individuals personally by phone or any other medium other than email.
· Do not download any unwarranted attachments.
· If some confidential information is divulged by you unknowingly, contact the company, financial institution involved immediately.
· No legitimate company asks you for passwords. Never provide passwords to your accounts on the emails.
· Try and not to use links provided in the mails for giving away confidential information. Go to the sites by yourself.
· Sometimes the tool tips of the links are also a giveaway. Put your mouse cursor on the link and tool tip will appear. For a fake site, the link will be just gibberish and for a legitimate site, it normally makes sense.

Tools to tackle Phishing

As more and more people becoming aware about phishing, new tools are being developed to combat phishing. Some of these are as follows:

· Microsoft phishing filter protects from the personal identity theft by reporting phishing web sites.
· Windows Vista has parental controls, which prevent children from downloading unwanted software’s.
· Windows Vista has user account control that warns of the potentially dangerous programs.
· Phish Net a free download from Webroot software guards your personal data; it monitors the web sites you visit and keystrokes you make. If you by chance, go to a phishing web site, Phish Net protects you.
· Anti phishing toolbar, TrustWatch from GeoTrust monitors the websites you visit and rate them and caution you.
· Scamblocker a part of EarthLink, SpoofStick, Phish Trap and Kaspersky Internet Security are other good examples.

The power to combat phishing attacks lies with all the internet users. The success of any identity theft is basically due to the ignorance of individual’s involved and relaxed attitude. With a little awareness and education about the means to tackle phishing or any other identity theft, a user can secure all the confidential information he has and will never fall prey to these attacks.