Monday, January 17, 2011

What is this thing called Phishing? .... Part 2

Since this picks up exactly where the first part ended, I will present a few more examples of Phishing using images.


Only when these images are examined closely can the irregularities in the transactions they show be noticed; otherwise, at first glance, they give the appearance of being legitimate.

Now let us take another example and look, in broad terms, at how to identify the suspicious points in it.


So that the content of the points described by the numbers shown here is not altered, they are published exactly as they appeared on the website they were taken from. (For more details, visit http://www.clearmymail.com/Phishing/anatomy_of_a_phishing_email.aspx.)

1. The "From:" Address
The "From:" address of an email cannot be trusted as it is easily faked by the criminals who send out the Phishing emails. Although in this case it appears that the email has come from a @natwest.co.uk email address, this has been faked.
2. The "To:" Address
Pay close attention to the "To:" address, often it will not be directly addressed to you. If it isn't then it may not be a legitimate message from the organisation it claims to be from. Also, if the "To:" address contains multiple addresses this is also likely to be a sign that the email is a fake.
3. The Message "Subject:"
The subject of a Phishing email may give away some small clues to the fact that it is fake. In this case it is claiming to be from "Natwest Electronic Banking", if this were real then it would only be using the name "Natwest" and not "Electronic Banking". Phishing emails will usually have urgent or exciting claims in the subject line, using words such as "Important Announcement". Be careful of emails like this. Also look out for spelling mistakes and typos.
4. Company Logos
Phishing emails will almost always use the correct logo for the organisation they are trying to defraud. The logos are extremely easy for Phishers to re-use, so do not place any trust in the logo of a company within an email - it does not guarantee the message is legitimate.
5. Who the email is addressed to
Phishing emails will usually address their emails in general terms, they won't personalise it to you. So if they are claiming to be from your bank and they have addressed the email to "Dear Customer" use caution as the email may be fake.
6. The web link
This is probably one of the most important parts to check. Although the link may look like it is going to the correct website (www4.natwest.co.uk in this case), it may take you to a fake website when you click on the link. In this case when we click on the link in this Phishing email we would be taken to a fake website at http://www9.nwolb.co.uk.sec74.net/. To be certain, never click a link within an email, simply type the address that you know is correct into your web-browser address bar.

If you do click a link from an email always double check the address you have been taken to.
7. The message body
Always look out for spelling mistakes or names incorrectly used. In this example they refer to Natwest online banking as "Natwest Bank Direct Banking" which the real bank would never do.
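
The link check from point 6 can be automated. The following is an added example, not code from this post or from the quoted website: it pulls every link out of an HTML message body and reports those whose real target is registered under a different domain than the one expected. The sample message, the `natwest.co.uk/help` link, the function names and the short suffix list (a stand-in for the full Public Suffix List) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a tiny stand-in for the Public Suffix List, enough for this sample.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk"}

def registrable_domain(host):
    """Return the part of the host that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def host_of(text):
    """Hostname of a URL, or of bare text such as 'www4.natwest.co.uk'."""
    text = text.strip()
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html, expected_domain):
    """Return links whose real target lies outside expected_domain."""
    parser = LinkCollector()
    parser.feed(html)
    return [{"shown": shown, "href": href, "target_domain": registrable_domain(host_of(href))}
            for href, shown in parser.links
            if registrable_domain(host_of(href)) != expected_domain]

# Constructed sample body using the two hostnames quoted in point 6.
SAMPLE = ('<p>Dear Customer, <a href="http://www9.nwolb.co.uk.sec74.net/">'
          'https://www4.natwest.co.uk/</a> '
          '<a href="https://www.natwest.co.uk/help">Help</a></p>')

if __name__ == "__main__":
    print(suspicious_links(SAMPLE, "natwest.co.uk"))
```

The hostname is read from right to left: `www9.nwolb.co.uk.sec74.net` belongs to whoever registered `sec74.net`, and the `nwolb.co.uk` part is only a subdomain label chosen to look familiar.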

The rest later ...
