Top Tips To Create A Persuasive Sales Letter

 

 Anti Phishing Software

Phishing is the attempt to acquire sensitive information such as usernames, passwords and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an email or other electronic communication.

Phishers send out mass emails or post on social media sites using false identities purporting to be representatives of a well-known company (e.g., eBay), financial institution (e.g., banks), auction website (e.g., eBay auction), utility company (e.g. electric, water or gas), police or immigration services (e.g., bank account blocked, overdue passport renewal), or hotel chain (e.g. guest reservation confirmation). The resulting fraudulent correspondence guides the recipient to visit a fake website whose look and feel are identical to the legitimate one.

Phishing emails frequently include links to websites that are infected with malware, such as spyware, viruses and trojans, which will infect the computer of someone who clicks on the link. This is known as phishing under attack. There are also other techniques used in phishing attacks such as spoof email messages that appear to originate from a colleague or other individual in an attempt to fool the user into revealing private information about the organisation they represent.

In 2010, a survey by the Ponemon Institute think tank reported that the average cost of a data breach resulting from phishing was US$197 per record. The average total financial impact of these breaches was $5.5 million.

"Phishing" is a neologism formed as a portmanteau of the words "phreaking" and "fishing." In phreaking, a person tries to get access to telephone networks illegally, most often by pretending to be using them when they are not. "Fishing" refers to luring a person to a website with the purpose of capturing private information about them (such as passwords), typically in order to gain access to their information or steal something of monetary value.

The term was coined by hackers on the Internet in an act of self-deprecating humor.

In fact, this kind of deception is referred to as "social engineering". However, it has come into use by security professionals, and is a recognized term used in law enforcement and cybersecurity.

One reason phishing works is because people often do not notice that the URL in the address bar does not match that of the site they are really visiting. For example, in the above real email example, the URL that is advertised as belonging to eBay actually points to a malicious website. Because phishers use an authentic-looking URL that they have registered themselves, many people fall victim. Unlike other websites, it is not easy for users to determine whether or not a website is legitimate. It is also hard for web browsers to verify because phishers can register the same domain name multiple times using different servers and host records at different times of the day for different durations of time (see DNS poisoning). In addition, phishing sites may be designed to look like anti-phishing websites or SSL-secured pages in order to increase their credibility.

Email phishing may be carried out by any malicious party, including individuals, businesses or governments.

Emails containing phishing links are typically sent in large numbers; millions of messages are usually generated each day. If a victim finds the email convincing and clicks on the provided link, a web page will appear that is similar to the website they believe they are visiting, but in reality is a counterfeit website set up specifically for this attack. The appearance of the two websites will often be nearly identical (e.g., URLs similar or identical to that of the real website). The victim unknowingly enters their username and password into the fake website and their details are captured by the phishers.

Phishing is an attack on people. It occurs because people trust other people and organizations to protect their information. Phishing causes harm because it exploits the psychology of human interaction and trust, which has been studied as a social tendency to do what others do. Phishers exploit this tendency by combining stealing of personal information, such as passwords, credit card numbers, etc., with deception that looks like a security measure or offer from the "target" organization. Victims are trained to trust all kinds of institutions, and phishing use this trust to get victims' information. (e.g. Social Engineering. For example, to enter one's password, the phishing site may suggest that people enter it again to verify that they have typed it correctly.)

Anti-phishing software is a technology used by some websites to detect phishing by comparing domain names with a database of known phishers. The majority of all anti-phishing software works using blacklists: When a user attempts to visit a website, the anti-phishing software compares the website's URL against lists of known phishers maintained in real time by security companies or other organizations. The lists are usually developed using DNS hijacking techniques and honey pot websites. Notable blacklists include Google's Safe Browsing list, Norton SafeWeb and SpamHaus.

Internet service providers (ISPs) along with email hosting companies have been making significant improvements to their filtering and detection technology in the last few years. As a new detection method, ISPs started using DNS query fingerprinting technologies. This means that if a user accesses the site from a certain location, the DNS request will be handled differently than if the request came from another location. In other words, DNS query fingerprinting can be used as an anti-phishing tool by comparing different requests coming from a single user's ISP to determine if they are coming from an ISP located in North America or Europe or Asia. However, this technology is not without flaws. The amount of users that can be correctly identified by this method can be limited due to DNS resolvers caching DNS queries and IP addresses that belong to a certain ISP. In addition, local ISPs could still share the same IP addresses amongst their customers.

Another new technology used for anti-phishing is tokenization. This method tries to solve the problem with phishing by replacing sensitive data with random values called tokens. This has several advantages over blacklisting such as being able to distinguish between the actions of a phisher and the actions of legitimate users in an attempt to determine if they are on a phishing site.

Conclusion: It is clear that DNS hijacking and honey pot websites are still valid methods of generating blacklists, but the new technologies of tokenization and DNS fingerprinting will become more important as phishing websites become more sophisticated.

From a technical point of view, the term does not apply to attacks that involve an attempt to steal private information over an open network such as the Internet. Such attacks are known in technical circles as "man-in-the-middle attacks", "session hijacking", or "password theft". Attacks on web or other servers connected to the public Internet can compromise private information in much the same way, but they do not involve deception or enticement of users.