Been Phished?

Zeyad Jabra

November 6, 2008

Mrs. Yerks

Comp 106

Been Phished?

Social phishing would not exist as a phenomenon, if there was not a social group that had fallen victim to the scam. Many factors supplement the success rate of phishing websites such as: the familiarity of a website, the legitimacy of the url of the website, and the layout of a web epage. It is important to carefully monitor those three areas, because they are the aspects which make it more likely for a victim to be phished. Although it is possible to help prevent phishing, it is never possible to eliminate phishing from our society completely.

When a website that wishes to scam you resembles a site that you frequent, you will be more susceptible to believing it is legitimate. In 2005, an example of phishing occurred when a familiar e-mail was sent that thanked customers for purchasing a product, which they never truly purchased. Rather than have you directly input the information, the site sneaks into your computer. If you delve into the website any deeper, it creates a Trojan horse in your computer, and causes it to count your keystrokes. The victim has no reason to be concerned all the while, because the site they visited seems credible, and causes no suspicion. Much like a facebook phishing scam, which took people to a facebook page that was slightly altered. Many people did not notice the change, and fell victim to being phished, because they felt numb to the familiarity of a facebook page, but didn’t notice that it was “Facebook AU.’

The Url of a website often gives away its identity, or can help to mask it. A site is better adapt to phishing if the url resembles a familiar address path than be a series of numbers. This happened with the face book fraud, when the url would just read a series of numbers, rather than state facebook, making it obvious that it was a phishing site. Also the title in the command bar of the window, often gives away a secret to the website that you might not see in the rest of the site. Url’s have the potential to be anything, which makes it hard to limit your mind to what a url should look like, because the room for variable is so large. Usually though, if the site you are dealing with is large enough, the url should have something to do with the subject matter of the website, which is an easy way to find legitimacy in websites.

Often time, the layout of a webpage may help to provide a secure roaming area online. On certain pages that require special information, a security code generator is created to limit phishing, because it makes the whole process of entering in information more manual. The security codes cannot be created by computers when it is filling out forms, because it is not in a text field; security generators really help in prevent phishing from occurring. Also, the questions a website ask can often dictate whether is it a legitimately run website or not. If it asks too many questions, or questions that seem like extraneous information, it probably is extraneous. It is best to judge the questions when answering them and decide, does the company need to know this information? One should never give out information that they don’t need to.

Although phishing is a problem in the World Wide Web, it is not impossible to avoid. When understanding the aspects which make it more likely to succeed in phishing someone, it is easier to avoid being phished. Getting inside the heads of the criminal is the only true way to prevent a crime. Whether it is inspecting familiarities for errors, or examining the url, or even feeling out layouts of websites to secure the legitimacy of them, certain aspects can be evaluated and used to feel and be secure online. And although we live in a society that breeds ignorance, phishing seems to be a subject well known enough by the general mass, that it can be avoided. Understanding the reasons why it works, and avoiding the ins and outs of a successful phishing is a simple challenge, that can help you from dealing with a lot of pain later. Social phishing, does exist thus, and it actually works; without the techniques developed and explained, phishing would have a much harder time being successful across the span of the World Wide Web.