Infosec Phishing Protection

Characteristics of Phishing Emails

A typical phishing email will have the following characteristics:
• It normally appears as an important notice, urgent update or alert, with a deceptive subject line that entices the recipient to believe the email has come from a trusted source and to open it. The subject line may contain numeric characters or unusual letters in order to bypass spam filters.
• It sometimes contains a message that sounds attractive rather than threatening, e.g. promising the recipient a prize or a reward.
• It normally uses a forged sender address or the spoofed identity of the organisation, making the email appear to come from the organisation it claims to represent.
• It usually copies content such as text, logos, images and styles from the legitimate website to look genuine, and uses wording and tone similar to the legitimate website's. Some emails even link to actual pages of the legitimate website to gain the recipient's confidence.
• It usually contains hyperlinks that take the recipient to a fraudulent website instead of the genuine address that is displayed.
• It may contain a form for the recipient to fill in personal or financial information and submit. This normally involves scripts that send the information to databases or temporary storage areas from which the fraudsters collect it later.

Characteristics of Phishing Websites

A typical phishing website will have the following characteristics:
• It uses genuine-looking content such as images, text and logos, or even mirrors the legitimate website, to entice visitors to enter their account or financial information.
• It may contain actual links to pages of the legitimate website, such as "contact us", privacy or disclaimer pages, to trick visitors.
• It may use a domain name or sub-domain name similar to that of the legitimate website.
• It may use forms to collect visitors' information that resemble those on the legitimate website.
• It may take the form of a pop-up window opened in the foreground with the genuine web page in the background, misleading the visitor into thinking he or she is still on the legitimate website.
• It may show an IP address or a fake address in the visitor's address bar, assuming the visitor will not notice. Some fraudsters perform URL spoofing by using scripts or HTML to construct a fake address bar in place of the original one.

Common Methods of Phishing Attacks

Once the recipient believes that the email comes from a legitimate organisation, fraudsters commonly use one of the following methods:
1. Install a Trojan program or worm on the recipient's computer via an email attachment, to exploit vulnerabilities or take screenshots of the system in order to obtain sensitive information from the recipient.
2. Use spyware, such as keyboard loggers, to capture information from the recipient's computer and send it back to the fraudsters.
3. Use deceit to gain the recipient's confidence so that the recipient visits a fraudulent website that appears legitimate and provides sensitive information by completing a form on the web page.

                                                                                                                                                                                                                                                Preventive Measures
                                                                                                                                                                                                                                                1. Do not follow URL links from un-trusted sources or emails such as spam emails to avoid being re-directed to malicious websites by malicious links looking seemingly legitimate.
                                                                                                                                                                                                                                                2. Do not visit suspicious websites or follow the links provided in those websites.
3. Do not follow links from search engine results to log on to the websites of banking or financial organisations.
4. Open email attachments with extreme care. Always check the attachment's extension. Never open attachments with a ".pif", ".exe", ".bat" or ".vbs" extension.
5. Type the URL manually, or follow bookmarks you have made previously, when visiting websites.
6. Avoid conducting online banking or financial enquiries/transactions from public or unsecured terminals, such as those in cafes or libraries. Hacking or Trojan programs may have been installed on these public terminals.
7. Do not open other Internet browser sessions or access other websites while you are performing online financial transactions/enquiries over the Internet. Remember to print or keep a copy of the transaction record or confirmation notice for checking.
8. Always be wary when giving out sensitive personal or account information. Banks and financial institutions seldom ask for your personal or account information through email. Consult the relevant organisation if in doubt.
9. Always ensure that your computer has the latest security patches and virus signatures applied, to reduce the chance of being affected by fraudulent emails or websites that exploit software vulnerabilities. This also helps to protect your computer from other security or virus attacks.
10. Consider using desktop spam-filtering products to help detect and block fraudulent emails, but beware of false alarms. It is recommended to learn the technical skills that are essential for deploying these products effectively.
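The attachment check in item 4 is easy to state but easy to get wrong by hand: a name such as "invoice.pdf.exe" or "REPORT.EXE " still ends in an executable extension. The following is an added example (not code from this page or from infosec.gov.hk) that screens attachment names against the four extensions named in item 4; the case-insensitive, trailing-whitespace and double-extension handling, and the sample file names, are constructed for illustration.

```python
"""Attachment-extension screening, the check described in item 4 above.

Added example: this is not code from the page or from infosec.gov.hk.
The list of risky extensions is taken from item 4 (.pif, .exe, .bat, .vbs);
the double-extension and whitespace handling is an assumption about how
such names are commonly disguised, added for illustration.
"""
from __future__ import annotations

# Extensions named in item 4 of the preventive measures.
RISKY_EXTENSIONS = frozenset({"pif", "exe", "bat", "vbs"})


def risky_extension(filename: str) -> str | None:
    """Return the risky extension found in *filename*, or None.

    Checks are case-insensitive and ignore surrounding whitespace so that
    "REPORT.EXE " is treated the same as "report.exe". Every dotted
    component after the first is examined, so a name such as
    "invoice.pdf.exe" is flagged; the components are walked from the end,
    so the real (final) extension is reported first when it is risky,
    and an earlier risky component is still reported as a warning sign.
    """
    name = filename.strip().lower()
    parts = name.split(".")
    if len(parts) < 2:
        return None  # no extension at all
    for part in reversed(parts[1:]):
        part = part.strip()
        if part in RISKY_EXTENSIONS:
            return part
    return None


def screen_attachments(filenames: list[str]) -> dict[str, str | None]:
    """Map each attachment name to its risky extension (None if not flagged)."""
    return {f: risky_extension(f) for f in filenames}


if __name__ == "__main__":
    # Constructed sample attachment names; not taken from any real message.
    sample = [
        "statement_march.pdf",
        "invoice.pdf.exe",
        "REPORT.EXE ",
        "notes.txt",
        "update.vbs",
        "README",
    ]
    for name, ext in screen_attachments(sample).items():
        verdict = f"do not open (.{ext})" if ext else "extension not on the risky list"
        print(f"{name!r}: {verdict}")
```

A name that is not flagged is not thereby safe: the list in item 4 is a minimum, and the other measures on this page (patching, caution with unexpected messages) still apply.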

Detective Measures
1. Review your credit card or bank account statements as soon as you receive them to check for any unauthorised transactions or payments.
2. Log into your accounts regularly to check the account status and last login time, to determine whether there has been any suspicious activity.
3. Verify the legitimacy of an organisation's website (such as a bank's) by contacting the organisation through its published address or telephone number.
Responsive Measures
1. Change your password immediately if you suspect that you have already been defrauded (e.g. responded to a phishing email or supplied your personal/financial information to a fraudulent website). Check your account status and contact the relevant organisation and/or report to the police immediately.
2. Forward the phishing emails to the relevant organisation and/or the police for their investigation.

Article source: http://www.infosec.gov.hk/english/anti/phishing.html
Article source: http://www.infosec.gov.hk/english/anti/protect_gen.html