Friday, March 29, 2013


You Have Clicked On A Link That Is A Fake Phishing Attack

This is NOT a real phishing attack. This is a fake phishing attack; it will NOT do any damage to your computer security. This is part of Irena Lazarevic’s thesis experiment, which you signed up to participate in.

The common approach to phishing is to send a fake e-mail that directs the victim to a fake Internet Web site where their information is captured (Web page spoofing). This happened to you when you clicked on this link. Virus protectors and firewalls do not catch most phishing scams because they do not contain suspect code, while spam filters let them pass because they appear to come from legitimate sources.

A phishing scam is an identity theft scam that arrives via e-mail. The e-mail appears to come from a legitimate source, such as a trusted business or financial institution, and includes an urgent request for personal information, usually involving some critical need to update an account immediately. Clicking on a link provided in the e-mail leads to an official-looking (spoofed) Web site. The Web page would look identical to the official page except a link on the page would forward the user’s information to the scammer’s Web site. Personal information provided to this Web page goes directly to the scam artist and not to a legitimate organization.

It is difficult for most users to identify a phishing target by looking at the Web page. However, clues in the address can sometimes reveal the deception. Similar-looking characters might be substituted in the spelling of the link for the real character, so that a “1” is used in place of a lowercase “L”. EXAMPLE: Phishers use paypa1.com rather than paypal.com. Phishing scams have become so sophisticated that phishers can also appear to be using legitimate links, including the real site’s security certificate. Another variation of the phishing scam is called the verification scam. For several years, individuals have purchased domain names that are similar to those of legitimate companies. It may be in the form of abcname-order.net. The real company is abcname, but it does not have a “-order” in its domain. Phishing scams also change the Web page address from .org to .com. Hackers then send out millions of e-mails requesting that consumers verify account information, birthdate, and Social Security numbers. Some computer users will respond and compromise their resources.
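The three address clues described above (a substituted character, an added "-order" style word, and a swapped ending such as .org to .com) can be checked mechanically. The following is an added example, not part of the original page; the names TRUSTED, LOOKALIKES and classify, the sample trusted list, and the extra "0" for "o" substitution are assumptions, and it handles simple two-label domains only.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the user really deals with (assumption).
TRUSTED = ("paypal.com", "abcname.net", "example.org")
# "1" for "l" is the page's example; "0" for "o" is an added assumption.
LOOKALIKES = str.maketrans({"1": "l", "0": "o"})

def host_of(link):
    """Return the lowercase host of a URL or bare domain, without 'www.'."""
    if "//" not in link:
        link = "//" + link
    host = (urlsplit(link).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def split_domain(host):
    """Split 'paypal.com' into ('paypal', 'com')."""
    name, _, tld = host.rpartition(".")
    return name, tld

def classify(link):
    """Return (verdict, trusted domain being imitated or None)."""
    host = host_of(link)
    if host in TRUSTED:
        return "trusted", host
    name, tld = split_domain(host)
    for good in TRUSTED:
        good_name, good_tld = split_domain(good)
        same_tld = tld == good_tld
        # paypa1.com vs paypal.com: names match once lookalikes are folded.
        if same_tld and name.translate(LOOKALIKES) == good_name.translate(LOOKALIKES):
            return "character-substitution", good
        # abcname-order.net vs abcname.net: a word hyphenated onto the name.
        if same_tld and (name.startswith(good_name + "-") or name.endswith("-" + good_name)):
            return "added-word", good
        # Same name, different ending (.org changed to .com).
        if name == good_name and not same_tld:
            return "tld-swap", good
    return "unknown", None

if __name__ == "__main__":
    for link in ("http://www.paypa1.com/login", "abcname-order.net",
                 "https://example.com/", "https://www.paypal.com/"):
        print(link, "->", classify(link))
```

An "unknown" verdict only means none of these three patterns matched; it does not mean the link is safe.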

AVOIDING: The best way to protect against phishing scams is to avoid supplying personal information to an e-mail request. If a user believes that the request might be legitimate, call the company’s customer service department to verify this before providing any information; do not use phone numbers contained in the e-mail.

The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and e-mail spoofing of all types. The Federal Trade Commission (FTC) also has advice for consumers, an e-mail address for reporting phishing, plus a form to report identity theft. The Web site is located at www.ftc.gov.

Thank you for your participation in my thesis. If you have any questions, please contact me at ilazar94@lakers.mercyhurst.edu.

Sincerely,

Irena Lazarevic