The ICT Lounge
 
Section 8.5:
Phishing, Pharming and Smishing
 
As we discussed in section 8.2, cyber criminals are always looking for ways to get hold of your personal data and use it to steal your money.

There are several methods that they will use in order to try and obtain your credit card or bank details. In this section, we discuss these methods and what you can do to protect yourself against them.

Key Concepts of this section:
  • Know how phishing, pharming and smishing can be used to obtain personal data.
  • Be able to describe the methods that can be used to prevent phishing, pharming and smishing.

Methods of obtaining personal data
Key Words:
Phishing, Pharming, Smishing.
Cyber criminals use three methods in order to try and trick people into giving up their personal data.

Examples:
Online fraudsters look for opportunities to trick you into handing over personal information.

These methods are:
  • Phishing
  • Pharming
  • Smishing

These three methods are normally used to try and obtain people's credit card numbers, bank details, usernames or passwords.

Every year, billions of dollars are stolen by online fraudsters who use the above three methods in order to access their victims' money.

We will discuss each of these methods, and ways in which you can protect yourself against them, below:

Phishing
Phishing is used to describe methods that thieves use to 'fish' for our data.

Examples:
'Phishing' is where fraudsters dangle bait in front of the victim to see if they take it.
 
Phishing is carried out over emails and tries to trick you into giving up your bank details.
This is where fraudsters try and 'bait' us into giving up our bank details, credit card details, usernames and passwords.

Phishing is usually carried out over emails pretending to be from legitimate organisations like banks and building societies.

For example:
The emails usually say that there is a problem with your account and then they ask you to provide your usernames, passwords or account numbers so that the problem can be rectified.

If you provide these details, the criminals will be able to use them to help themselves to your cash.

How to protect yourself against phishing:
Fortunately, it is very easy to avoid being 'phished'. Some prevention methods are described below:

1. Never give your bank details or passwords out over email.

   (Banks NEVER ask their customers for this information)

2. Phishing scams sometimes promise you enormous wealth.

   For example: you might receive an email which says "We have recently discovered you have been mentioned in the will of *****. If you provide us with your bank account number we will deposit the sum of ****".

   Once you send your bank details, instead of depositing money the crooks will make off with your cash.

   If something sounds too good to be true then it probably is and you would be best off ignoring the mail.

3. Report any phishing attempts to your email account provider.

4. Don't respond to emails from people you do not know.

Pharming
 
The intention of pharming is the same as phishing: to obtain personal information such as usernames, passwords and bank details.

Pharming usually targets users of online banking or shopping websites.

Examples:
Pharming involves re-directing you to a 'malicious' website which attempts to steal personal data.
Make sure that website URLs are correct and legitimate before entering personal data.
The way this is done however is slightly different. 'Pharmers' infect legitimate websites with malicious code that will re-direct you to their bogus version of the website.

The bogus website will look very similar, or even identical, to the legitimate website.

This makes pharming very dangerous and difficult to detect.

If you then enter personal information into the bogus website, the fraudsters will be able to collect that data and use it.

For example:
You log onto your bank's website but it has been infected with malicious pharming code and redirects you to a bogus version of the site.

The bogus site looks identical to the legitimate site and so you don't realise and enter your username and password.

Unwittingly, you have just given the fraudsters your login details which they will then use to access your account and transfer your money out!


How to protect yourself against pharming:
Some prevention methods against pharming are described below:

1. Check the URL (web address) of the website before you enter personal information.

   The bogus website will have a slightly different address to the legitimate website.

2. Make sure that you are on a secure website (one that is encrypted with SSL) before entering personal information.

   Remember: the way to tell is to look at the URL:
     • The address of a secure website will begin with https
     • The address of an insecure website will begin with http.
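
The two checks in the list above, written out as code. This is an added example, not part of the original page; the bank address www.examplebank.com and the sample addresses are constructed placeholders, and the look-alike threshold of two character edits is an assumption.

```python
from urllib.parse import urlsplit

# Constructed placeholder for the address you know to be genuine (assumption).
TRUSTED_HOST = "www.examplebank.com"

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_url(url, trusted_host=TRUSTED_HOST):
    """Return a list of warnings; an empty list means both checks passed."""
    parts = urlsplit(url)
    host = parts.hostname or ""   # urlsplit lower-cases the host name
    warnings = []
    # Check 2 from the list: the address must begin with https.
    if parts.scheme != "https":
        warnings.append("not https")
    # Check 1 from the list: the host name must match exactly. Compare the
    # parsed host, not the whole string, so a trusted name that merely
    # appears somewhere inside a longer address does not pass.
    if host != trusted_host:
        if edit_distance(host, trusted_host) <= 2:
            warnings.append("look-alike address: " + host)
        else:
            warnings.append("different site: " + host)
    return warnings

# Constructed sample addresses, not taken from the original page.
SAMPLES = [
    "https://www.examplebank.com/login",
    "http://www.examplebank.com/login",
    "https://www.examp1ebank.com/login",
    "https://www.examplebank.com.account-check.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_url(url) or "OK")
```

A bogus website can also begin with https, which is why the address match is checked separately from the https check.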

Smishing (SMS phishing)
   
Smishing is the same as phishing except the fraudulent messages are sent via text messages (SMS) rather than emails.

Examples:
Smishing is 'phishing' over a mobile phone.
Smishing texts sometimes promise gifts just to get you to visit a bogus website.

For example:
You could receive a text message, sent to your mobile phone, which appears to be from your bank and reports a problem with your account.

The text message would provide a web address or a phone number which you would be asked to use in order to contact the bogus bank.

You would then be asked to provide your account details so that the problem could be rectified.

Upon doing so, the fraudsters would use the account information to steal your cash.

How to protect yourself against smishing:
1. Never give your bank details or passwords out over phone or text message.
2. Ignore text messages from people you don't know.
3. Report any phishing attempts to your mobile phone company.

