A new phishing email has been floating around recently claiming that the user’s Bank of America account was accessed by an international IP from an unregistered computer and that their “Foreign IP Spy” detected that breach. The asks the user to verify and register his current computer by logging in to the Bank of America website. On clicking on the link, it opens a phishing website that is using a fake address bar!
Even the smart people like you would fall for this fake address bar. The fake address bar gives the look of the real one, with the correct domain name, for example https://www.bankofamerica.com/index.jsp. Most users who clicked on that link will surely enter their login information.
Such phishing can be identified by using the content menu – by right-clicking on that web page. Select Properties for Internet Explorer, and View Page Info for Firefox and Edit Site Preferences for Opera. Verify that the Address/URL is from the correct domain.
The best protection against phishing is to not open any links in emails. Always open the website directly in the browser. If you are not sure, call the company directly and ask if they have send that email to you.
Most of the new browsers including Firefox and Internet Explorer provide security against phishing. You can also use OpenDNS to protect your network from phishing to an extend. Spyware Doctor client also provides phishing protection. Recently Gmail started using DomainKeys, which helps to block fake eBay and PayPal emails. [via: ghacks, more at trendmicro]
Have you ever been a victim of Phishing? How do you prevent yourself from phishing?