Chapter 7. Tip 7: Recognize and Avoid Phishing Scams

Previous page
Table of content
Next page

Threat Type: Victim enabled

Examples of Threats:

  • E-mails asking for account information that will then be used by identity thieves

  • E-mails "selling" security services

Our Tips:

  • Never click any of the links within the e-mail.

  • Never send account information via e-mail.

  • Never reply to any e-mail asking for personal or account information, even if a phone number is provided.

Phishing is a relatively new social engineering scam that has become one of the most popular tactics used by identity thieves. Phishing scams play on people's fear or sense of doing what is right by tricking victims into willingly supplying scammers with personal information, account numbers, passwords, and mothers' maiden names. Some thieves take it a step further with confidence scams that offer "identity security" to their former victims and then hit them again.

Very Important

For those unfamiliar with the concept of social engineering, Wikipedia.com defines it as the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or get them to do something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that users are the weak link in security, and this principle is what makes social engineering possible.


To give you an idea how widespread this problem has become, the following statistics were taken from http://www.mailfrontier.com (with the original source reference included). In 2005

  • 5.7 billion phishing e-mails were sent each month (Anti-Phishing Work Group).

  • $1200 was the average loss to each person successfully phished (Federal Trade Commission).

  • 13,228 unique phishing attacks (on average) were launched per month (Anti-Phishing Work Group).

  • 3431 phishing websites were created (on average) each month (Anti-Phishing Work Group).

In others words, this is a pretty big problem. If you fall for one of these scams, you could be looking at real financial losses, and potentially years to repair your credit rating. The key realization is that there would not be all this phishing activity going on if people were not falling for it. Figure 7-1 shows a typical sample phishing e-mail (provided by Wikipedia) and demonstrates exactly how legitimate they can appear.

Figure 7-1. Phishing Example


Very Important

The term phishing is kind of a funny spelling of the word fishing, referring to fishing you for your identity. The ph instead of f in the spelling gets its origins from the term phreaking, which is a form of hacking into phone lines to get free long distance. There is still some debate on exactly how and when the use of the term got started, but most people assume it is a combination of the words phone and freak. This spelling convention has carried over to computer hackers for hacks such as pharming and phishing.



Previous page
Table of content
Next page
Home Network Security Simplified
Home Network Security Simplified
ISBN: 1587201631
EAN: 2147483647
Year: N/A
Pages: 130
Authors: Jim Doherty, Neil Anderson
BUY ON AMAZON
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
The Java Tutorial: A Short Course on the Basics, 4th Edition
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
.NET System Management Services
Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy