Jun 25, 2009

Phishing: Examples and its prevention methods

What is PHISHING ?


Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
One example would be if you received an e-mail that appears to be from your bank requesting that you click a hyperlink in the e-mail and verify your online banking information. Usually there will be a repercussion stated in the e-mail for not following the link, such as "your account will be closed or suspended". The goal of the sender is for you to disclose personal and (or) account related information. This type of e-mail scam is also called Phishing.




How to Spot A PHISHING Scam ?


Phishing e-mails will contain some of these common elements: (view screen capture above from Eudora)

1. The "From Field" appears to be from the legitimate company mentioned in the e-mail. It is important to note, however, that it is very simple to change the "from" information in any e-mail client. While we're not going to tell you how, rest assured it can be done in a matter of seconds!

2. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.
In this instance, the text you click is "here". However, this may also state something like "Log-in to Citibank" or "www.citibank.com/secure" to be even more misleading. This clickable area is only text and can be changed to anything the sender wants it to read.

Additionally, you may spot some of these elements that did not appear in this particular scam:
Logos that are not an exact match to the company's logo, spelling errors, percentage signs followed by numbers or @ signs within the hyperlink, random names or e-mail addresses in the body of the text, or even e-mail headers which have nothing to do with the company mentioned in the e-mail.




Example of PHISHING

An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Such mistakes are common in most phishing emails. Also note that although the URL of the bank's webpage appears to be true, it actually links to a phisher's webpage.

Prevention of PHISHING

The golden rule to avoid being phished is to never ever click the links within the text of the e-mail. Always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail client as well. This will prevent "accidental" clicks from happening. If, for some really odd reason, you have this nagging feeling that this could just possibly be a legitimate e-mail and nothing can convince you otherwise, you still need to adhere to the golden rule and not click the link in the message. If you are truly worried that an account may be in jeopardy if you do not verify your information, open your Web browser program of choice, type the URL of the Web site in the address field of your browser, and log on to the Web site as you normally would (without going through the e-mail link as a quick route). This will provide you with accurate information about your account and allow you to completely avoid the possibility of landing on a spoof Web site and giving your information to someone you shouldn't.



Video: Identify Theft Phishing

The Application of 3rd Party Certification Programme In Malaysia



MSC Trustgate.com Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate was incorporated in 1999 and is licensed under the Digital Signature Act 1997 (DSA), to meet the growing need for secure open network communication and become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. Trustgate's core business is to provide complete security solutions and leading trust services such as digital certification services, including digital certificates, cryptographic products, and software development, which are needed by individuals, enterprises, government, and e-commerce service providers.

Nowadays we are living in a world that is becoming more and more virtual. Through the Internet, people can do almost everything they wish, such as online shopping, paying bills, online reservations, banking and so on, which makes our lives easier. But many people still feel insecure about sending or receiving sensitive information online due to the increasing number of phishing cases. Thus, Secure Sockets Layer (SSL) is the best solution to build users' trust, by getting an SSL certificate for the relevant website. Verisign is the leading SSL Certificate Authority.
Secure Sockets Layer (SSL) is a technology developed by Netscape and adopted by all vendors offering web-related software products, for exchanges between client and server. The essential functions of SSL are mutual authentication, data encryption, and data integrity for secure transactions. An SSL certificate is an electronic file that enables secure, confidential communications and uniquely identifies individuals and websites on the Internet by serving as a sort of digital passport. It makes it possible to verify someone's claim that they have the right to use a key, in order to prevent other people from using the keys to impersonate other users, and to assure all parties involved in a transaction of a complete security solution.

A Certification Authority (CA) is a trusted third party. It must take steps to establish the identity of the people or organizations to whom it issues an ID. Authentication is ensured because a certificate is issued only once that identity is established: the certificate carries the organization's public key and is signed with the Certification Authority's private key. To obtain a Verisign SSL Certificate, the Webmaster sends the public key to the CA; support for this is a standard part of most web server and web browser packages that work in conjunction with SSL technology. Verisign will review the credentials and check the background of the organization to verify the organization's claim before issuing any server certificate. When a browser connects to a legitimate site with a Verisign SSL Certificate, the browser automatically verifies the site through its ID. After that, the information exchanged between browser and server is encrypted, and the information received by the Web visitor is identical to what was sent, with no modification having taken place.


Thus, certification from a 3rd party is needed to ensure that users' information travels over the Internet and reaches its destination safely. It can prevent the information we send from being spammed, hacked or attacked by malicious software such as viruses, worms and trojan horses. In addition, the confidence of customers in Internet activities will be enhanced, so the implementation of 3rd party certification can improve customers' trust.

Jun 19, 2009

The history and evolution of E- Commerce

What is E-commerce?



E-commerce (EC) is the process of buying, selling, transferring, or exchanging products, services, and information via computer networks, including the Internet.



The Evolution of E-Commerce



E-Commerce was first developed in the early 1970s with innovations like:




Electronic funds transfer (EFT) - funds can be routed electronically from one organization to another.

Electronic data interchange (EDI) – used to electronically transfer routine documents, which expanded electronic transfers from financial transactions to other types of transaction processing.

Interorganizational system (IOS) – a system which allows the flow of information to be automated between organizations in order to reach a desired supply-chain management system, which enables the development of competitive organisations.




Evolution event of EC


1984
EDI, or electronic data interchange, was standardized through ASC X12. This guaranteed that companies would be able to complete transactions with one another reliably.

1992
Compuserve offers online retail products to its customers. This gives people the first chance to buy things off their computer.

1994
Netscape arrived, providing users a simple browser to surf the Internet and a safe online transaction technology called Secure Sockets Layer.

1995
Two of the biggest names in e-commerce are launched: Amazon.com and eBay.com.

1998
DSL, or Digital Subscriber Line, provides fast, always-on Internet service to subscribers across California. This prompts people to spend more time, and money, online.

1999
Retail spending over the Internet reaches $20 billion, according to Business.com.

2000
The U.S. government extended the moratorium on Internet taxes until at least 2005.

2004
Web 2.0 was coined by O'Reilly Media to describe a supposed second generation of Internet-based services that let people collaborate and share information online in perceived new ways, such as social networking, wikis, communication tools and folksonomies.





Video : Evolution of E-commerce

An example of an E-commerce failure













A failure E-commerce Business- kozmo.com

Nowadays, many companies and businessmen conduct business through e-commerce. There are many successful companies that generate profit and receive recognition through e-commerce, such as eBay, Amazon and Dell Corporation. Although many companies succeed in doing business online, there are some examples of failure, such as e-toy.com and kozmo.com.


Kozmo.com was a venture-capital driven online company that provided free one-hour delivery of anything from DVD rentals to Starbucks coffee in the United States. The founders of Kozmo.com were young investment bankers Joseph Park and Yong Kang in New York City.


Kozmo.com had a business model that promised to deliver small goods free of charge, typically by using bicycle messengers. Its headquarters were located in New York City. The company raised about $250 million, including $60 million from Amazon.com and $28 million from a group of investors which included Flatiron Partners, Oak Investment Partners and Chase Capital Partners.



Factors of Failure:

Kozmo.com had raised more than $250 million, but the company was unable to generate enough revenue to cover its costs. In 1999, the company had $3.5 million in revenue, compared to $26.4 million in losses. The problem was that its business model included offering a costly home delivery service for free. This offer covered very small orders, such as a DVD or a pack of gum, on which it was impossible to turn a profit. As a result, customers were satisfied and excited, but the company made losses. Although Kozmo.com was profitable in four cities, there were seven more cities that made losses.




















Real world case: Google is changing everything







Google has created services and tools for the general public and business environment alike, including Web applications, advertising networks and solutions for businesses. Google is known primarily for its search engine and its related targeted advertising tools. In my opinion, Google has made our life and work easier, and we can accomplish our tasks in more effective and efficient ways. Nowadays, Google has organized the world's information and made it universally accessible and useful to users.



Google has offered several free Web-based applications that enable people to organize their own information and make it more easily accessible to others via the Web. Users can sort data and take advantage of those applications. Google has also entered the enterprise market by providing search technology to larger organizations. It launched enterprise search software that enables enterprise-specific content across the enterprise to be indexed, searched, and displayed to authorized users. This technology has solved a crucial problem for many large enterprises that wish to improve their filing systems and contact with their business partners.


In my opinion, Google can still work hard and try to expand their services more widely in order to fulfill the needs of different levels of target markets. By continuing to be innovative and creative, Google can become more well known and successful




Jun 18, 2009

An example of an E-Commerce success and its causes








Jeffrey Preston Bezos (born January 12, 1964) - the American founder, president, chief executive officer and chairman of the board of Amazon.com




Amazon.com has a leading edge in the e-commerce world. It has a strong customer base, name recognition, quality assurance, and immense inventory. The ease of use over the Internet has been an important facet Amazon has focused on; more specifically their "1-Click" feature of their web-design allows quick and easy use of their services.


What are the critical success factors of Amazon.com?

Differentiation

Amazon.com is more than just a bookstore. It delivers author interviews, customer book reviews, pre-release information and out-of-print books by special order. Back office systems and cookies deliver personalized book recommendations to shoppers who have purchased books from Amazon.com. A book recommendation agent tells the prospective buyer "Customers who bought this book also bought:". In all these cases information about the customer and information technology are being used to enhance the customer experience.


Price Differentiation

Amazon differentiates itself mainly on the basis of price and by making sure that it offers the same quality products as any other company at a noticeably lower price. In addition, sellers do not pay any fees for product listing, and it costs nothing until the product is sold.


Personalizing Website

Amazon greets customers personally when they open the sites and gives them a choice of products that matches their personal preferences.






















Video : Amazon.com 's Warehouse

Identify and compare the revenue model for Google, Amazon.com and ebay

Google's revenue model is mainly based on advertising. For the year 2006, Google generated US$ 10,492 billions in advertising and US$112 millions in licensing and others. One of Google's revenue sources is Google AdWords.

Google AdWords is a pay per click advertising program of Google designed to allow the advertisers to present advertisements to people at the instant the people are looking for information related to what the advertiser has to offer.

For example:




Amazon.com is also one of the most successful e-commerce providers; its revenue is mostly generated from transaction fees, affiliate fees and subscription fees. Amazon started as an online bookstore, but soon diversified its product lines from DVDs to food.
They also have to rate the product on a rating scale from one to five stars. Moreover, users are allowed to comment on reviews. The key to the success of Amazon.com is online shopping. This is an example of the Amazon.com homepage.







eBay is an online auction and shopping Web site in which people and businesses buy and sell goods and services worldwide. eBay allows people to bid any time, anywhere; this convenience has increased the number of bidders. It also owns PayPal, Skype, StubHub, and other businesses. Thus, it has various types of revenue models, including advertising fees, affiliate fees and other revenue sources, but its main revenue model is from online auction and online shopping.






