email phishing or authenticated mail from apple?

[Affy]

I am not at all a tech savvy of a person. The other day I happened to receive two mails which said that two of my orders were cancelled. This mail had link where I was asked to put in my apple id but luckily before I could do that a friend of mine happened to come home and said that such emails are pure scams and we should never entertain such an unauthentic mail. He explained to me that such email attacks are done to grab the personal details of an individual and exploit it for the worst results possible. It is a very dangerous kind of thing and at times lead to great losses and thefts of not only your identity and personal details but also financially. And he said this is called phishing. However, little knowledge is dangerous and as a result of which I am even more confused about the whole concept. I want to know everything about phishing and how do we identify which mail is authenticated and which one is a phishing scam. If we are confident that it is a phishing attempt how can we possibly report it to authorities?

[Badrinath]

Whatever knowledge you have about phishing is 100 percent correct but I won’t say it is complete. There are many more things you need to technically know about phishing and all.
Phishing is a term which is evolved from the term Phreaking. Phishing basically is nothing but a way of trying to personal and sensitive information like password, credit card details etc. where the attacker masquerades as a trustworthy entity and tries acquiring sensitive information in an unauthenticated, unauthorized way. It has become very dangerous these days because, by records every year, billions of dollars are frisked and stolen using this media. The most common platform being used for phishing is social networking sites, auction sites, mailboxes etc. the data grabbed from here used at all level of online transactions i.e. right from auction sites, online shopping sites, online payment processors etc. it is a typical execution of the social engineering method of identity theft. It exploits a layman’s ignorance about technology and its hidden concepts. It is now a day one of the most leading forms of theft and has become a very leading security concern throughout the web or rather throughout the globe. It is becoming very difficult to fight it

[daljit]

There are many innocent people who are being affected by phishing and it is not at all a small thing. There are number of people who are continuously being target without even the knowledge that they are being stolen. Phishing is basically a very smart form of theft. It is very difficult to catch hold of it easily. the following is the most common technique of phishing these days:

- The attacker basically manages to design either an instant messenger application or the website which looks similar to a legitimate website or messenger.
- The instant messenger and the website both will have options for user id and password.
- It will be designed in a way that as soon as an user enters details, the details are exported to the attacker’s database
- He then creates an email id, again that will be quite similar to sound like the original one. (For e.g.: admin@trustedbank.com can be made as admin_trustedbank@gmail.com)
- From this email id, he sends mail to users, which leads to the website or the messenger. The reason to lead may be anything like some error or an update
- As soon as the user visits the page and he enters the required data, the data is sent to the attacker’s database and you’ll see no action happening at the page

Phishing is not everyone’s cup of tea and it is not at all easy to curb this issue. However, if people are made aware of it, they can at least prevent themselves from getting robbed.

[Kakashi Hatake]

As rightly mentioned, it is the innocent user and legitimate companies which suffer due to this kind of an extra smart type of robbery. People who are a victim of this attack are:

 Legitimate companies are one of the people who are adversely affected by this stupid kind of attack and it has become really difficult for them to cope with this

o They need to provide multiple layers of security and a strong trusted online service. More than implementing technologies to provide luxurious features, companies are having a hard time to provide reliable and secured online services. They are killing the online services.
o They have to compromise on extra services which could be provided. Like, even to retrieve their customer’s data they might have to give multiple thoughts.
o They need to invest a lot on the computing power of the company which could have been invested for the betterment of their business or clients
o Companies are scared to maintain any responsible database as any problem to that might cause them to shut down

 Another major category of people who are negatively affected by the system of phishing are the set of average user of the following sub-category

o Busy and lazy people who do not care to check the mail source and all are the ones who land up into mess the most
o People who do not care to turn on the security settings and assumes that Viruses are the only threat and security means only antivirus
o People who re-use same login id and password and other log in details in multiple websites end up losing everything in a moment.
o People who tend to blindly trust any mail being flashed to their email id are more prone to such attacks
o Non-tech savvy kind of people who knows no head or tail about technology or internet often fall prey to such attacks
o People who tend to use multiple computers or who are frequent public computer user tend to be a victim of identity theft easily

[Aaryan2011]

After reading all previous posts you must have easily made out how easy is it and how prone you are to phishing attacks. In order to stay away from it you need to follow some basic instructions:

• Do not just click: this is one thing for every computer and internet user to understand that you should never go on just clicking as it is a very wrong practice. Do not try to visit any link or follow any URL unless you are very clear about the source. Avoid filling forms to the maximum. I’ll show you an example of phishing scam mail:

“We recorded a payment request from "-shopsafe.com-" to enable the charge of $ 95.73 on your account.
Because the order was made from an european internet address, we put an Exception Payment on transaction id #PayPal-m37321 motivated by our Tracking System.
This payment is pending for the moment, if you didn't make this payment and would like to decline:
>>> Click here <<<
If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement .
Thank you for your time and consideration in this matter. PayPal Inc.Payments Department.”

The above mentioned mail was undoubtedly a scam. Stay away from such mails, just keep your memory strong and read the mails very carefully
• Follow spyware prevention techniques: keep away from spyware. For which you need to be following the below mentioned techniques:

o Always read the given license agreement very nicely before downloading or installing any software more particularly when it is a freeware. Most of the license agreements are honest enough to disclose the spyware the program includes. So, before clicking yes, make a thorough check of this
o Take care of P2P programs: in peer to peer network software like Kaaza and all, the downloaded software sometimes have spyware bundled with them causing it to attack whenever required and grabbing information from the pc that might be highly sensitive. Make sure, you have detailed information of everything you download.
o Rely on only trusted source for downloads: before you download anything from anywhere never forget to make a thorough research on the company which is providing the software to you. Never download anything from websites that you don’t know or trust. It is children and ignorant adults who always fall prey to such tricks. People should be educated so as to warn them and let them know what are reliable sites or source and what not.
o Beware of pop-ups: these days, pop up is considered as the bestest way to intrude spyware into your system. Do not click and entertain the free download pop ups that you often get
o Use spyware protection programs: a very effective way of keeping your PC away from spyware is by downloading the anti-spyware software. Considering the amount and intensity of threat it is always advisable to install a anti-spyware program which might be free ware or paid version as per desire
o Installation of firewall: firewall is responsible for regulating incoming or outgoing data to ensure that there is not illegitimate software or programs coming in, neither are any sensitive and important data going out with out the consent of the user and in some cases, the admin
o Installation of antivirus: with a vision of gaining maximum access to your computer certain spyware tend to infect and spoil your computer. There has to be some strong anti-virus tool capable enough to prevent the infection from occurring and if at all it happens, the antivirus should be strong to remove it

[Swiz]

Incase of fishing scams yo may either report it to the legitimate authority or to local law and order authorities. You may also report it to the following organizations:
• The Anti-Phishing working group (more than 600 organizations) with the URL: http://www.antiphishing.org
• The Trusted Electronic Communications Forum (TECF) bearing URL: http://www.tecf.org
• WholeSecurity (Microsoft, eBay, Paypal, and Visa) has an RL of http://www.wholesecurity.com