Monday, April 17, 2006

General tips to prevent phishing

  1. If your bank sends an email asking you to verify some information (as a new account holder, about a withdrawal, or something like that), contact the bank by phone, using a phone number you already know, and verify the legitimacy of the mail.
  2. The golden rule is 'don't click the link' to log in to the bank website. Type the bank's website address into your browser by hand and go to the website.
  3. Most big companies will address you by name; if you get generic mails like 'dear valued user', they could be phishing mails.

1 comment:

  1. Good tips, Dharmesh!!

    While these tips remain valid for end users, there are technical and managerial controls which can be built on the application side to improve the security, in order to defend against phishing attacks.

    An OWASP White Paper, "Phishing - A new age weapon" by Abhishek Kumar, lists many such controls. You may also check out