Warning! Phishing / forgery website

Beware of phishing websites! What is phishing? Phishing is a new term originating from the English word “fishing” and probably “phreaking”. It means to “fish” for someone with bait so that they expose their own confidential information, mostly a user password, which allows the transaction of valuable items, usually money in a bank account. The phisher gains the victim’s password and transfers the victim’s money to his own account. That is bad, isn’t it?

Normally, the phisher sends an e-mail to the potential victim’s e-mail account, using some trick to lead the user into clicking the link in the e-mail. The trick is, for example, a claim that the user’s account has been locked or deactivated due to numerous invalid login attempts. A link is provided for the user to visit the forgery website, which prompts the user to log in as a confirmation or reactivation. The forgery’s layout is simply the same as the original one, except that the URL is different. The URL could be very similar, but if you look carefully, it is just a trick to create an illusion. For example, for an original website http://www.google.com, a phishing website could be http://www.google.phish.com, where phish.com is the real domain and google.phish.com is just a subdomain of phish.com. Users will probably trust the content of the e-mail because they saw the word “google” in the URL. If you log in, your username and account will be received by the phisher immediately.

How to prevent being phished?

  • Be aware of the URL of every website you visit.
  • Do not be fooled by the appearance of the website.
  • Always check the URL of the website.
  • Never click any link in an e-mail that asks you to log in. If you must verify the message from the e-mail, go to the website by typing the URL manually yourself.
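The URL check from the list above, written out as an added example (not part of the original post): it finds the real domain of a link and flags the google.phish.com pattern, where a trusted name appears only as a subdomain. The suffix table and the allowlist are constructed for this example; a real checker would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix table (assumption of this example).
# A real checker would load the full Public Suffix List instead.
PUBLIC_SUFFIXES = {"com", "my", "com.my"}

# Hypothetical allowlist: registrable domains of the sites you really use.
TRUSTED_DOMAINS = {"google.com", "maybank2u.com.my"}


def host_labels(url):
    """Lower-cased host name of a URL, split into its dot-separated labels."""
    if "://" not in url:
        url = "//" + url  # bare "www.example.com" has no scheme to parse
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host.split(".") if host else []


def registrable_domain(url):
    """Longest known public suffix plus the one label to its left, or None."""
    labels = host_labels(url)
    # Smallest i gives the longest suffix, so "com.my" wins over "my".
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return None


def check_url(url):
    """Classify a link as 'trusted', 'lookalike' or 'untrusted'."""
    domain = registrable_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # A trusted brand label anywhere in the host, under a domain that is not
    # trusted, is the google.phish.com pattern: the name is only a subdomain.
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    if brands & set(host_labels(url)):
        return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    for link in ("http://www.google.com", "http://www.google.phish.com",
                 "www.maybank2u.com.my", "www.tac-you.com"):
        print(f"{link:32} {registrable_domain(link)!s:18} {check_url(link)}")
```

A forgery on an unrelated domain, such as www.tac-you.com, contains no trusted name at all, so it is reported as "untrusted" rather than "lookalike"; only the allowlist comparison catches it.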

How do you warn people around the world about a phishing website? You could tell your friends by e-mail, instant messenger, and so on, but you could mislead your friends if they simply click on the link and log in without comprehending your message.

The best way I can think of is to report it via your browser. I personally reported a forgery website www.tac-you.com, which is a forgery of www.maybank2u.com.my, a website of Bank Malaysia. It takes the related community about 20 minutes or up to a few hours to block the website. For the full URL of the forgery, refer to the image below:

A Maybank Forgery Website

Using Firefox 3, when viewing the forgery website, click Help > Report Web Forgery. You will be led to a website which prompts you to enter a verification text to report the web forgery.

Using IE7, go to Tools > Phishing Filters > Report this website to report a phishing website.

An example when Firefox blocks you from visiting the phishing website.

Firefox: Reported Web Forgery!

Firefox: Reported Web Forgery!

When you see any phishing website, remember to report the website a.s.a.p. through the browser. You could help to prevent more victims from being phished by cheaters! FYI, I was once a victim. The phishing e-mail told me that my account was deactivated. As I was worried that my account would be stolen, I simply clicked the link in the mail and logged in to the forgery website in a hurry. In less than 10 minutes, my bucks were gone! Although the amount was small, it is quite upsetting for a student without income to lose money to a cheater.
