Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the Attacker Database of the your bank website; actually this URL points to the "yourbank" (i.e. phishing) section of the Attacker Database website.
Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.
An e-mail message from a large online retailer or Internet Bank website announces that your accountg has been compromised and need to be updated and givbes the link to update the same. So you follow a link in the message, if you click on the link it leads to the website that is as similar as original website, it is spoofed login page. If you give the account details that will be redirected to the attacker and it might be misused.
Attackers try to send the malware through attachments , try to trap you by sending false emails with attachments saying to update your account information.
Keeping up with the latest Web security threats is a daunting task, because viruses and Trojans emerge, evolve, and spread at an alarming rate. While some infections like Nine Ball, Conficker, and Gumblar have hit the scene and immediately become the scourge of the cyber security world, others take their time -- quietly infiltrating more and more computers before revealing the true depth of the danger they pose.
One such slow grower is Clampi, a Trojan that made its debut as early as 2007 (depending on who you ask) but is only now raising hairs outside professional security circles. Clampi primarily spreads via malicious sites designed to dispense malware, but it's also been spotted on legitimate sites that have been hacked to host malicious links and ads. Using these methods, Clampi has infected as many as half a million computers, Joe Stewart, of Secure Works, told a crowd at the Black Hat Security Conference in July, USA Today reports. Once installed on a PC, the Trojan quietly waits for you to visit a credit card or banking Web site. When it detects you're on one of the roughly 4,600 financial Web sites it's trained to watch, it records your username and password, and feeds that information back to the criminals. Clampi can even watch for network login information, allowing it to spread quickly through networked PCs (e.g., those in an office). In fact, it seems that businesses have been the primary target of Clampi so far. According to the Times Online, in July, an auto parts shop in Georgia was robbed of $75,000 when criminals stole online banking information using Clampi. The Trojan was also used to infiltrate computers for a public school district in Oklahoma and submit $150,000 in fake payroll payments.
Never click web links in your e-mail and no bank will ask you to update the accounts through online.
Never provide personal information including your passwords, credit card information, account numbers to unknown persons.
Never keep username, account name and passwords at one place. Always try to remember passwords.
Always use phishing filters at your Internet browser.
Do not click any images in the web sites if you are unsure.
Confirm whether email is received from bank or not.
Be cautious while providing bank details via online, before proceed further confirm with bank about the email you received. Think that if something is important or urgent why don’t bank calling me instead of sending email?
Delete all cookies and history file before you perform online trasactions.
Delete all the history and cookies once you are done with online transactions.
Always use virtual keyboard while accessing online banking.
Avoid accessing online banking in cybercafes.