We now explain the main defense techniques.
Care must be taken with visited sites that are not authentic. In the event of a request for personal information, account numbers, passwords or credit card details, it is advisable, before deleting it, to forward a copy to the competent authorities and to notify the bank or other interested parties, so that they can take further measures against the fake site and inform their users.
The customer can check transactions on the account statement, which can be viewed at an ATM or through the online bank account. Many institutions offer an SMS alert service, which is more effective because the notification is sent as soon as the transaction is made, not when it is recorded, which can be several days later.
The service is activated at an ATM, at the branch or online, and consists of sending a message to the number specified by the customer for any withdrawal or payment that exceeds the amount the customer has set. The message is sent in real time, when the transaction is made (not on the recording date, so even when the transaction is not yet visible in the account statement). The service is free; the cost of the messages depends on the telephone operator.
The bank is not obligated to provide this type of service, and the phone companies do not guarantee that the SMS is received within a certain time; the delay may increase, in particular, if the customer is abroad with the receiving handset. A person who notices payments made by third parties with his credit card or cash card should contact the bank's hotline to ask for the card to be blocked: the call is recorded and a block code (a unique identifier) is assigned.
The person must also file a complaint with the police and go to the branch with a copy of the complaint and the block code. If "abnormal" charges appear later, for example because they were made abroad and recorded with a date after the block and the complaint, it is necessary to go back to supplement the complaint and bring a copy to the branch again. The branch forwards the disavowal of the payments and the reimbursement request to the bank's legal department for settlement.
The legal department checks whether the customer was physically unable to carry out the transactions (withdrawals from the account or payments), because the account statement or the complaint proves that he was in another place; whether there was willful misconduct or negligence; and applies a deductible, which is not refunded, if the card agreement provides that liability in these cases still remains with the customer. If sums are credited by strangers, the account holder must not withdraw them and should ask the bank to reverse the transaction.
A frequent concern of users targeted by phishing is to understand how the perpetrator knew that they have an account at the bank or online service named in the bait message. No defensive action is required apart from recognizing and deleting the e-mail that contains the phishing attempt. In the case of the related problem known as pharming, instead, there is a real solution to the rear and preventive action is necessary. A first check to defend against phishing sites is to look for the lock icon, shown in all browsers, which indicates that a secure connection (such as SSL/TLS) has been established.
This connection guarantees the confidentiality of the data, while their integrity and the authentication of the other party are provided only in the presence of a digital signature, which is optional and not indicated. An SSL connection can be established with untrue certificates, using a valid pair of public and private keys that is known to the phisher but is not that of the actual site.
For example, the certificate states that the site it.wikipedia.org uses a public key which is actually that of the phishers. The browser, or the affected user, would have to connect to the site of a certificate authority to check: its database lists public keys together with an identification of the owner, such as the IP address or the address of the site. Some sites have a specific anti-phishing toolbar that checks the authenticity of each page downloaded from the site, for example via the digital signature. The login page of a site is easy to imitate.
Browsers have an option to view the HTML code of web pages, which can be copied and pasted somewhere else to obtain an identical site. Data entered in the free fields of the form are stored in a database or in a text file linked to the site. Another phishing technique involves planting keylogging applications. In this case the links may lead to the original site, not necessarily an imitation, and the data are captured at the moment they are typed on the keyboard.
These lines of code can be executed when certain links are opened, or simply when the e-mail itself is read, if the mail program or the Internet service provider does not apply sufficient protections. There are also specific programs, such as the Netcraft anti-phishing toolbar, and blacklists, which alert you when you visit a site that is probably not authentic.
Users of Microsoft Outlook / Outlook Express can protect themselves with the free program Delphish, a toolbar added to MS Outlook / MS Outlook Express that finds suspicious links in e-mail (see external links section).
These programs and the most common browsers do not make use of whitelists containing the logical and IP addresses of the authentication pages of all the banks, which would definitely be a useful anti-phishing filter. If the user does not hold an online current account and receives periodic account statements by post (not by e-mail), he can configure the anti-spam filter by entering the address of the bank. In this way, e-mails containing a return address or a link in the text pointing to the bank will be placed in the spam folder, making it easy to identify the suspicious ones.
Internet Explorer users can use an anti-phishing filter that uses a blacklist and compares the addresses of a suspicious web page with those in a global, centralized database, managed by Microsoft and fed by anonymous reports from the users themselves. Such protection is also present in Mozilla Firefox (from version 2), which lets the user choose between checking sites against a blacklist and using the anti-phishing service offered by Google. There are no databases of this type shared by the various browser vendors, or set up at public authorities with expertise on Internet and web issues (in Italy, the Postal and Communications Police).
Blocking a phishing site is not a simple task if it is hosted as a subdomain of another web address. In that case the host domain has to be blocked, because the "false" authentication page is not registered with ICANN, but only locally on the server.
The blocked site can still be quickly associated with another web address. A page of a "bait site" can be bound to an address that is similar, but not identical, to that of the "copied" website. It remains difficult for the average user to distinguish a phishing site from that of the credit institution being targeted.
The address bar can contain an address of the form "Name of the Bank.AuthenticationPage.php@domain address of the host", with the domain address of the host written as the corresponding IP address and the "@" written in ASCII or in its binary or hexadecimal equivalent, making the "phishing resource address" similar to, and slightly longer than, the one that has been falsified.
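The address trick described above, and the whitelist of authentication pages mentioned earlier, can both be checked mechanically. The following Python code is an added example, not part of the original article: it reports which host a link really reaches and whether that host is on a whitelist. The host names, the ALLOWLIST contents and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# Constructed allowlist of genuine authentication hosts (assumption, not real banks).
ALLOWLIST = {"www.bank.example", "login.bank.example"}
_NUM = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")

def numeric_host_to_ip(host):
    """Decode an IPv4 host written in decimal, octal or hex (inet_aton style)."""
    parts = host.split(".")
    if len(parts) > 4 or not all(_NUM.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16) if p[:2].lower() == "0x"
            else int(p, 8) if p[0] == "0" else int(p) for p in parts]
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return str(ipaddress.IPv4Address(value))

def inspect_url(url, allowlist=ALLOWLIST):
    """Report where a link really goes and why it looks deceptive."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if "@" in parts.netloc:
        # Everything before the last '@' is user info; the browser ignores it for routing.
        decoy = unquote(parts.netloc.rsplit("@", 1)[0])
        findings.append(f"text before '@' is user info, not the site: {decoy}")
    if "%" in parts.netloc:
        findings.append("percent-encoded characters in the host part")
    ip = numeric_host_to_ip(host)
    if ip:
        findings.append(f"host is a raw IP address: {host} = {ip}")
    return {"real_host": ip or host,
            "trusted": host in allowlist and not findings,
            "findings": findings}

if __name__ == "__main__":
    samples = [  # constructed sample links using documentation-only addresses
        "https://www.bank.example/login",
        "http://www.bank.example.AuthenticationPage.php@192.0.2.10/",
        "http://www.bank.example@0xC000020A/AuthenticationPage.php",
        "http://www.bank.example%40phish.example/",
    ]
    for s in samples:
        print(s, "->", inspect_url(s))
```

Only the first sample is reported as trusted; the others resolve to a host that is not on the whitelist, even though the bank's name is the first thing the reader sees.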