
Thursday 19 June 2008

Phishing - example and prevention methods

Phishing is an attempt to acquire sensitive information (such as usernames, passwords and credit card details) criminally and fraudulently, by masquerading as a trustworthy entity in an electronic communication. It is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has also been used.

What is the example?
One example is identity theft, which is becoming more popular because of the readiness with which unsuspecting people often divulge personal information to phishers, including credit card numbers, social security numbers, and mothers' maiden names. Once this information is acquired, the phishers may use a person's details to create fake accounts in the victim's name. They can then ruin the victim's credit, or even deny the victim access to their own accounts.

What are the prevention methods?
There are several different techniques to combat phishing, covering both social and technical aspects.

Social aspect
Train people to recognize phishing attempts, and to deal with them. People can take steps to avoid phishing attempts by slightly modifying their browsing habits.

Technical aspect
Helping to identify legitimate sites
Some anti-phishing toolbars might display the domain name for the visited website. For example, some websites let users type in their own labels for particular websites, so that they can later recognize when they have returned to the site. If the site is suspect, then the software may either warn the user or block the site outright.

Augmenting password logins
One method of preventing simple phishing of transaction numbers (TANs) is to associate each TAN with a "lock number". The bank's server sends the lock number as a challenge, and the user provides the corresponding TAN as the response. The server selects the key-lock pair randomly from the list, which prevents a phisher from acquiring two consecutive TANs. Lock numbers are not sequential, so phishers can only guess correct lock numbers.
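The lock-number challenge described above, sketched as an added Python example (not from the original post or any bank's implementation). The class name TanList, the four-digit lock and six-digit TAN formats, and retiring a pair after any attempt are assumptions made for illustration.

```python
import hmac
import secrets


class TanList:
    """Server-side one-time TAN list; each TAN is keyed by a lock number."""

    def __init__(self, size=20):
        self._rng = secrets.SystemRandom()
        # Assumed formats: 4-digit lock numbers, 6-digit TANs. Both are drawn
        # at random without repetition, so lock numbers are not sequential.
        locks = self._rng.sample(range(1000, 10000), size)
        tans = self._rng.sample(range(10**6), size)
        self._unused = {lock: f"{tan:06d}" for lock, tan in zip(locks, tans)}
        self._pending = None  # lock number of the outstanding challenge

    def printed_list(self):
        """The lock -> TAN pairs as delivered to the customer out of band."""
        return dict(self._unused)

    def challenge(self):
        """Select an unused pair at random and return its lock number."""
        if not self._unused:
            raise RuntimeError("TAN list exhausted; issue a new list")
        self._pending = self._rng.choice(list(self._unused))
        return self._pending

    def verify(self, response):
        """Accept only the TAN that matches the pending lock number."""
        if self._pending is None:
            return False
        lock, self._pending = self._pending, None
        # Assumption: the pair is retired after any attempt, right or wrong,
        # so a failed guess cannot be retried against the same lock number.
        expected = self._unused.pop(lock)
        return hmac.compare_digest(expected.encode(), str(response).encode())


if __name__ == "__main__":
    server = TanList(size=5)
    card = server.printed_list()          # constructed sample customer list
    lock = server.challenge()
    stolen = next(t for l, t in card.items() if l != lock)
    print("TAN captured for another lock accepted:", server.verify(stolen))
    lock = server.challenge()
    print("TAN for the requested lock accepted:", server.verify(card[lock]))
```

A TAN captured during an earlier session is only useful if the server happens to ask for that same lock number again, which the random selection and one-time retirement make unlikely.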

Eliminating phishing mail
Specialized spam filters can reduce the number of phishing e-mails that reach their addressees' inboxes. These filters rely on machine learning and natural language processing to classify phishing e-mails.

Monitoring and takedown
Several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze and assist in shutting down phishing websites. Individuals can contribute by reporting phishing to both volunteer and industry groups, such as PhishTank.
