University of Calgary

Phishing

Submitted by powlesla on Thu, 2007-03-01 15:53.

What is Phishing?
Spotting Phishing Emails
Phishing Protection
Phishing Filters
Dealing with Phishing Messages
Vishing
Getting Help

What is Phishing?

Phishing is a fraudulent attempt to steal personal and financial information, often by masquerading as a reputable business or organization such as a bank, store, or credit card company. Typically the attempt starts with an unsolicited email message.

A link in the message then sends you to a fraudulent website that closely resembles the legitimate website, where you are asked to enter your account name, password, and other confidential information.

By tricking people into revealing their personal information, criminals may then withdraw money from bank accounts, apply for credit cards, or use the information for other illegal activities. Depending on the business involved, victims may be liable for all funds taken.

Spotting Phishing Emails

Phishing emails and their associated fraudulent websites can be sophisticated and hard to spot. Many use the same logos and page design as the actual company's website in order to appear legitimate.

Always be suspicious of any email asking you to divulge personal information online. Banks and credit card companies do not send unsolicited emails to customers asking them to provide account information.

Some of the signs of phishing emails include, but are by no means limited to:

  • Impersonal greetings - the message does not refer to you by name
  • Spelling mistakes - these usually indicate that the email is not from the company
  • A sense of urgency - often phishing emails will claim that you need to respond immediately

Anti-Phishing Phil is a web game that teaches how to identify phishing scams, distinguish between real and fake URLs, and recognize other practices used by phishers.

Phishing Protection

Anti-phishing protection is being incorporated into email programs and web browsers. The latest versions of Firefox, Thunderbird, and Internet Explorer contain anti-phishing security features that will warn you when you receive suspicious email or visit a known fraudulent website.

To protect yourself, use an email program and web browser that support these anti-phishing security features.

Phishing Filters

Phishing filters now come with most web browsers, such as the latest versions of Firefox and Internet Explorer. Some web browsers, such as Safari, do not currently have phishing filters. You should be able to check whether your web browser has anti-phishing capabilities by looking at the security preferences in your web browser.

Phishing filters work by checking the URL of a website against a list of known phishing and spoof websites. Different phishing filters utilize different methods, although all allow for reporting potential phishing websites.

To find out more about Internet Explorer’s phishing filter see http://www.microsoft.com/hk/protect/products/yourself/phishingfilter.mspx

To find out more about the Firefox phishing filter see http://www.mozilla.com/en-US/firefox/phishing-protection/.

For more information about preventing phishing see the Anti-phishing workgroup at http://www.antiphishing.com

Dealing with Phishing Messages

If you are suspicious about an email message, do not click on any links in the email.

To check whether a message is legitimate, hold the mouse cursor over the link they want you to use. Depending on your email client, the path of the URL will be displayed in the window. If the link is pointing to a URL that is different from the company's actual address, it may indicate a phishing attempt.

In Thunderbird you can also check the message by selecting Message Security Info under the View menu. Thunderbird will tell you if the message has a digital signature and whether it has been encrypted or not. If there is no digital signature, it may indicate that the sender's address is fake.

To research the message, open your web browser and go to the company's website. Look for security alerts. Banks, online auctions, credit card companies, and other online businesses often post the latest fraud alerts on their websites and ask that you send fraudulent emails to them. Forward the message to their security email address and then delete the message from your mailbox.

Lastly, if you believe your account has been compromised, contact your bank or credit card company immediately.

Vishing

Vishing uses telephones, rather than email, to fraudulently impersonate companies in order to gain personal and financial information. The criminal uses a computer to call all the telephone numbers in a specific area. When you answer, an automated computer message instructs you to call a specific number. When you call that number, you are asked to provide personal information such as your credit card number and expiry date. Criminals then use the information to withdraw funds or purchase merchandise.

Vishing plays on the trust that most individuals have for telephone communications. If you receive a phone call that asks you to call another number, it may indicate a vishing attempt. Contact your telephone service provider and report the incident.

Getting Help

You can report phishing, vishing, and other illegal scams to the RCMP's national anti-fraud call centre. For more info, see the Phonebusters website.