Welcome to SACFiS


Phishing is the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email that carries the real organization's logo and look and feel, in an attempt to steal login or financial information. Phishing can even introduce a virus attack.

For example, you may receive an email that appears to be from eBay claiming that your account is about to be suspended unless you click on the provided link and update your credit card information. Because it is relatively simple to make a Web site look like a legitimate organization's site, the scam counts on people being tricked into updating their account information. By spamming large groups of people, the "phisher" counts on the email being read by a percentage of people who legitimately have credit card numbers listed with eBay.

How to Identify a Phishing Scam

At first glance, it may not be obvious to recipients that what is in their inbox is not a legitimate email. The "From" field of the email may have the .com address of the company mentioned in the email, and the clickable link may also appear to take you to the company's Web site. This is not the case: you will be taken to a spoof Web site. The email screenshot below is an example of a well-designed and convincing phishing scam:

  1. The "From" field appears to be from the legitimate company mentioned in the email. It is important to note, however, that it is very simple to change the "From" information in any email client.
  2. The email contains the company logo and images that have been taken from the Web site of the company mentioned in the scam email.
  3. The email will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink is not HTTPS protected and does not point to the legitimate eBay Web site URL.

Who is at Risk?

The people behind phishing emails are scam artists. They send out millions of these scam emails hoping that even a few recipients will act on them and provide their personal and financial information. Anyone with an email address is at risk of being phished. Any email address that has been made public on the Internet (posting in forums, newsgroups, or on a Web site) is more susceptible to phishing as the email address can be saved by spiders that search the Internet and grab as many email addresses as they can. (webopedia.com)

Recommended Action

With the increase in the number of attempts to victimize customers by creating Web sites that imitate those of legitimate businesses in order to steal information about credit cards, online banking, etc., Anonymizer Anonymous Surfing has developed a real-time anti-phishing feed that integrates into your Web browser to block fraudulent sites. The feed is updated every fifteen minutes; real-time analysis identifies and blocks phishing sites and automatically shows the customer a warning page notifying them that they are being led to a phishing page.
