Monday, 16 June 2008

Phishing: Examples and Prevention Methods

Phishing is a new type of network attack in which the attacker creates a copy of an existing Web page and uses specially designed e-mails or instant messages to trick users into disclosing private information that will be used for identity theft. Typically, the e-mails appear to come from well-known and trustworthy Web sites such as PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the authorized party already has. This practice is sometimes referred to as "fishing" because the attacker is fishing for the user's private account information. Typically, attackers try to trick the user into providing a user name and password so that they can gain access to an online account. Once attackers gain access, they can use the user's personal information to commit identity theft, charge the user's credit cards, empty the user's bank accounts, read the user's e-mail, and lock the user out of the online account by changing the password.

One example is WesBanco Bank, Inc. WesBanco is a multi-state bank holding company headquartered in Wheeling, West Virginia. Deposit and nondeposit products are available through the WesBanco companies. WesBanco has been the target of phishing attacks in the last few weeks. As prevention, WesBanco will upgrade its servers to withstand this severe flow of attacks. In addition, it will be implementing additional security features in its online banking service. Due to these upgrades, users may experience interruptions while using WesBanco's online banking. Another method that can prevent users from being tricked is to update their WesBanco online banking information by clicking the link below: https://onlinebank.wesbanco.com/update

Another example is PayPal, where spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another clue is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. Other signs that the message is a fraud are misspellings of simple words and the threat of consequences, such as account suspension, if the user fails to comply with the message's requests. PayPal prevents these problems by advising its users never to provide their password to unknown persons. PayPal will automatically update users' confidential details using the Secure Sockets Layer (SSL) protocol. PayPal will also not ask its users to enter their password in an e-mail.
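The clues listed for the PayPal message can be checked mechanically. The following Python code is an added example, not part of the original post; the clue names, the keyword lists and the sample message are assumptions made for illustration, and the link-text mismatch check generalizes the IP-address clue to any link whose displayed URL differs from its real target.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # hostname of a URL or of bare text such as "www.example.com/x"
    return urlsplit(url if "://" in url else "//" + url).hostname or ""

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def phishing_clues(html_body):
    """Return the clues named in the PayPal example that this message shows."""
    parser = LinkCollector()
    parser.feed(html_body)
    clues = set()
    for href, text in parser.links:
        if is_ip(host_of(href)):
            clues.add("ip-address-link")      # raw IP address instead of a domain
        if "." in text and " " not in text and host_of(text) != host_of(href):
            clues.add("link-text-mismatch")   # displayed URL differs from target
    if re.search(r"dear\s+(\w+\s+)?(customer|user|member|client)\b", html_body, re.I):
        clues.add("generic-greeting")         # no personal greeting (assumed keywords)
    if re.search(r"account\b[^.]{0,60}\b(suspen|terminat|clos|limit)", html_body, re.I):
        clues.add("suspension-threat")        # consequence threatened (assumed keywords)
    return clues

# Constructed sample message; 192.0.2.10 is a documentation-only address.
SAMPLE = ('<p>Dear PayPal member,</p><p>Your account will be suspended unless you '
          'confirm your details at <a href="http://192.0.2.10/paypal/login">'
          'https://www.paypal.com/login</a></p>')
```

Calling `phishing_clues(SAMPLE)` reports all four clues. As the paragraph above notes for personal details, a message that shows none of them is not thereby proven legitimate.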

It is our responsibility to be aware of and alert to these kinds of threats.

by Ng Pei Qi
