The ICT Lounge

 
Section 8.5:  
Phishing Pharming and Smishing
As we discussed in section 8.2, cyber criminals are always looking for
Key Concepts of this section:
ways to get hold of your personal data and use it to steal your
money. # Know how phishing, pharming and smishing can be used to
obtain personal data.
There are several methods that they will use in order to try and
obtain your credit card or bank details. In this section, we discuss # Be able to describe the methods that can be used to
prevent phishing, pharming and smishing.
these methods and what you can do to protect yourself against them.

Methods of obtaining personal data Key Words:

Phishing, Pharming, Smishing.
# Cyber criminals use three methods in order to try and trick people into giving up their Examples:
personal data.

These methods are:

Phishing
Pharming
Smishing.

These three methods are normally used to try and obtain people's credit card numbers,
bank details, usernames or passwords.

# Every year, billions of dollars are stolen by online fraudsters who use the above three
methods in order to access their victim's money.

# We will discuss each of these methods and ways in which you can protect yourself Online fraudsters look for opportunities to trick you into
against them below: handing over personal information.

Phishing
# Phishing is used to describe methods that thieves use to 'fish' for our data. Examples:
# This is where fraudsters try and 'bait' us into giving up our bank details, credit card
details, usernames and passwords.

# Phishing is usually carried out over emails pretending to be from legitimate

organisations like banks and building societies.

For example:
The emails usually say that there is a problem with your account and then they ask you to
provide your usernames, passwords or account numbers so that the problem can be
rectified.

# If you provide these details, the criminals will be able to use them to help themselves to
your cash.

How to protect yourself against phishing: 'Phishing' is where fraudsters dangle bait in front of the
victim to see if they take it.
# Fortunately, it is very easy to avoid being 'phished'. Some prevention methods are
described in the table below:  

1. Never give your bank details or passwords out over email.

(Banks NEVER ask their customers for this information)

2. Phishing scams sometimes promise you enormous wealth.

For example: you might receive an email which says "We have recently discovered
you have been mentioned in the will of *****. If you provide us with your bank
account number we will deposit the sum of **** ".

Once you send your bank details, instead of depositing money the crooks will make off
with your cash.

If something sounds too good to be true then it probably is and you would be best off Phishing is carried out over emails and try's to trick you into
ignoring the mail. giving up your bank details.
3. Report any phishing attempts to your email account provider. (Click example to zoom)
4. Don't respond to emails from people you do not know.
Spot of phishing!
Spotting a phishing email is easy. Click the
Some videos: image below to find out how.

# Here are some links to videos that contain more information about phishing:

PLACE VIDEOS HERE

Pharming
 
# The intention of pharming is the same as phishing..... to obtain personal information such Examples:
as usernames, passwords and bank details etc.

Pharming usually targets users of online banking or shopping websites.

# The way this is done however is slightly different. 'Pharmers' infect legitimate websites
with malicious code that will re-direct you to their bogus version of the website.

The bogus website will look very similar, or even identical, as the legitimate website.

This makes pharming very dangerous and difficult to detect.

Pharming involves re-directing you to a 'malicious' website

# If you then enter personal information into the bogus website, the fraudsters will be able to
which attempts to steal personal data..
collect that data and use it.

For example:
You log onto your bank's website but it has been infected with malicious pharming
code and redirects you to a bogus version of the site.

The bogus site looks identical to the legitimate site and so you don't realise and enter your
username and password.

Unwittingly, you have just given the fraudsters your login details which they will then use to
access your account and transfer your money out!

How to protect yourself against pharming: Make sure that website url's are correct and legit before
entering personal data.
# Some prevention methods against pharming are described in the table below:
Spot of pharming!
1. Check the url (web address) of the website before you enter personal information.
Spotting a fake website is easy. Click the
The bogus website will have a slightly different address to the legitimate website. image below to find out how.
2. Make sure that you are on a secure website (one that is encrypted with SSL) before
entering personal information.

Remember: the way to tell is to look at the url:

A secure website will begin with https

An unsecure website will begin with http.

Loading...
Some videos:
# Here are some links to videos that contain more information about pharming:

PLACE VIDEOS HERE

 

Smishing (SMS phishing)

   
# Smishing is the same as phishing except the fraudulent messages are sent via text Examples:
messages (SMS) rather than emails.

For example:
You could receive a text message, sent to your mobile phone, which appears to be from
your bank and reports a problem with your account.

The text message would provide a web address or a phone number which you would be
asked to use in order to contact the bogus bank.

You would then be asked to provide your account details so that the problem could be
rectified.
Smishing is 'phishing' over a mobile phone.
Upon doing so, the fraudsters would use the account information to steal your cash.

How to protect yourself against smishing:

1. Never give your bank details or passwords out over phone or text message.
2. Ignore text messages from people you don't know.
3. Report any phishing attempts to your mobile phone company.

Activity!
Phishing, Pharming, Smishing - Research Sheet

Click the above task and answer the questions about Phishing,
Pharming and Smishing.

Smishing texts sometimes promise gifts just to get you to visit

a bogus website.

Previous - Online Data Security Next - Spam Emails

Please add your questions/comments below:

Links to Theory Units:

Section 1: Types and Components of Computer Systems Section 2: Input and Output Devices Section 3: Storage Devices and Media
Section 4: Networks and the Effects of using them Section 5: The Effects of using ICT Section 6: ICT Applications
Section 7: The Systems Life Cycle Section 8: Safety and Security Section 9: Audience
Section 10: Communication
 
Links to Practical Units:
Section 11: File Management Section 12: Images Section 13: layout
Section 14: Styles Section 15: Proofing Section 16: Graphs and Charts
Section 17: Document Production Section 18: Data Manipulation Section 19: Presentations
Section 20: Data Analysis Section 21: Website Authoring

Back to top

   

'+