Phishing, how to defend oneself from cheats and credit card frauds

Phishing is a cheat with the aim of leading users to voluntary provide sensitive information (such as credit cards, banking account data, passwords) as a reply to requests made giving fake personal particulars. The most common way of phishing is sending an email which invites the user to update his/her own credit card information or other due to various, and clearly false, reasons.

The link the user should click really looks very similar to the one of the actual service supplier, but the real destination is another and the provided information is drawn by unknown people with fraudulent purposes. Media often give the alarm, but never make available to users the few and easy pieces of information to defend oneself from this kind of swindles. To protect oneself against phising is extremely simple.

When the cheat takes place

Phishing does not happen when user clicks on the suggested link, but only when he/she enters personal data in the link destination page. It’s therefore sufficient to check with attention the page address in order to understand whether we are dealing with phishing or not (even if, for non-expert users, it would be better never to click on links of unclear nature).

Page source

Once in the page containing the form for data entering, watch the extended address of the page itself. In particular, examine the domain, which is the part between 'http:// ' and what comes after the next “/”. In the example the domain is displayed in blue: http://cldp.co.kr/ws/redirected.to.paypal.com/cgi-bin/web-run/Paypal.dll It’s a tiny string which reveals whether the page is authentic or not.

Second level domain

The domain is unmistakably made up of words separated by dots. Well, the first two domain words starting from the right identify the actual page source (the so-called second level domain). The actual address source in our example is highlighted in red: http://cldp.co.kr/ws/redirected.to.paypal.com/cgi-bin/web-run/Paypal.dll Even if the creators of the page in our example have made their best to spread the word Paypal in many positions of the address, it is clear, on the basis of what was explained, that the page, no matter how much similar to those of Paypal, is fake.

Phishing, the most skillful ones.

As regards the domain, (in our example cldp.co.kr) the part in red is the identifier, registered to a registar, while the one in blue (what comes before the second level domain) can be set by phising authors as they like. It is then possible that in the domain also appears the name of the company whose users are the target of the cheat, but this can appear only in the blue part of the domain. So, even if our page address was: http://Paypal.co.kr/ws/redirected.to.paypal.com/cgi-bin/web-run/Paypal.dll This address would NOT belong to Paypal because the second level domain is not the correct one. In fact the real second level domain name of Paypal have to be paypal.com and not co.kr