How to Identify a Phishing E-mail

Phishing, not to be confused with fishing, is an illegal means of obtaining somebody else’s sensitive information such as credit card details, user names or passwords. The way phishing works is that a legitimate-looking e-mail is sent to an unwary victim. The phishing e-mail contains a link that directs the victim to a legitimate-looking site that requires action (usually asking for the victim’s details, user name and password). When the user is fooled into submitting the required details (example: PayPal e-mail and password), that user has just become a victim of phishing, and chances are any PayPal balance he has would be gone in the next 24 hours unless he does something quickly to protect his account.

To help you identify phishing e-mails, here’s an example of an e-mail designed to phish eBay information from users:

If you notice, the subject and the content of the e-mail look very real (almost legitimate to the untrained eye). However, hovering the cursor over the link where the user should click reveals this URL:

The link actually leads to kisarow.com and not ebay.com. For those not very familiar with domains and their naming convention, just take note of the following. Look closely at the part of the link right after the http:// and just before the first slash /, which here is cgi.ebay.com.kisarow.com. The last part to the right, which contains the domain extension (.com, .net, .org or .whatever), is the real domain. In this case that is kisarow.com (which I highlighted in the screenshot for emphasis).

Your best bet to protect yourself against phishing, though, is never to click on links from e-mails that ask for sensitive information. Legitimate sites like PayPal, eBay and banks with online services will NEVER ask for your user name or password. And when your Firefox browser shows a screen like this:

Don’t even bother looking at the site. Close your browser and mark the e-mail where you clicked the link from as SPAM. Then be thankful to the person who was fast enough (and kind enough) to identify and report the phishing site. ^_^
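The "read the host from the right" rule described above can be automated when reviewing links pulled from a suspicious e-mail. The following is an added example, not part of the original article; the function names, the URL paths and the short list of two-part extensions such as co.uk are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny, incomplete sample of two-label extensions. A real
# checker would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def real_domain(url):
    """Return the real (registrable) domain of the host in url, or None."""
    try:
        host = urlsplit(url).hostname  # part after http:// and before the first /
    except ValueError:
        return None
    if not host:
        return None
    try:
        ipaddress.ip_address(host)  # a bare IP address has no domain name at all
        return None
    except ValueError:
        pass
    labels = host.rstrip(".").lower().split(".")
    # Read from the right: normally two labels, three for extensions like co.uk.
    take = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    if len(labels) < take:
        return None
    return ".".join(labels[-take:])


def belongs_to(url, expected_domain):
    """True only if the link's real domain is exactly expected_domain."""
    return real_domain(url) == expected_domain.lower()


# Constructed sample links; only the host cgi.ebay.com.kisarow.com is from the article.
SAMPLE_LINKS = [
    "http://cgi.ebay.com.kisarow.com/constructed-path",
    "https://cgi.ebay.com/constructed-path",
    "https://www.ebay.co.uk/constructed-path",
]


def audit_links(urls, expected_domain):
    """Return (url, real_domain, matches_expected) for each link."""
    return [(u, real_domain(u), belongs_to(u, expected_domain)) for u in urls]


if __name__ == "__main__":
    for url, domain, ok in audit_links(SAMPLE_LINKS, "ebay.com"):
        print(f"{'OK     ' if ok else 'SUSPECT'} {domain!s:15} {url}")
```

The third sample is flagged as not matching ebay.com because its real domain is ebay.co.uk, so each brand domain you trust has to be checked for explicitly.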