What Is Phishing?


Phishing is a technique used by identity thieves to steal your personal information, usually so they can gain access to financial accounts.

To understand phishing, let's consider what fishing is. A fisherman casts a line out in the water repeatedly with a lure attached. The lure is a deceiving piece of gear that looks like a tasty smaller fish, but it's actually a nasty hook. Eventually, the lure catches the attention of a fish, which then bites it. The fooled fish is then reeled in on a hook and meets its demise in a frying pan with a sprig of dill.

According to the website www.antiphishing.org, the term phishing was coined circa 1996 by hackers who were stealing America Online accounts from AOL members. The buzzword was first used on the alt.2600 hacker newsgroup in January 1996, says the site, adding that it might have been used earlier in the printed edition of the hacker newsletter 2600.


Phishing is kind of the same, but without the dill. The phisher uses email (or sometimes a pop-up message on the Web) as his lure. He casts out zillions of emails that are designed to trick the recipients into giving up personal information such as user IDs and passwords used to access their bank accounts.

Phishers use a variety of emails to fool their unsuspecting victims. One of the most common is the email that claims to be from a business or organization you deal with: perhaps your Internet service provider, an online payment service, or a government agency. Very often phishers pretend to be your bank.

The email includes realistic company branding and logos and reads like typical communication from the real institution (see Figure 4.1). This sometimes includes, ironically, warnings about protecting yourself from fraud.

Figure 4.1. This email appears to be from Washington Mutual. Clicking on the link, however, would lead to a website run by a phisher, who is trying to gather personal banking information.

Notice that this email, purportedly from a legitimate banking institution, asks the recipient to enter sensitive, personal information, something reputable banks do not request via email. The email asks for validation of personal information including account numbers, user IDs, and passwords. It asks you to click on an included link that takes you to the institution's website so you can enter your information. Of course, it also looks exactly like the institution's website, but it, too, is bogus.

Although many phishers pretend to be major global banks, they have been known to use regional credit unions and community banks. Among other favorites are online companies such as eBay or PayPal (see Figure 4.2).

Figure 4.2. This email looks like it came from eBay, an online auction website. However, it secretly directs the recipient to a website with a Russian web address.

Notice that this email redirects to a suspicious website address in Russia and not eBay. The consequences of not providing the requested information are fairly dire, which is a good indicator that this email isn't what it seems.

Phish Finder: Identifying Phishing Emails

Here are some tips you can use to help identify emails from phishers, as suggested by the Anti-Phishing Working Group at www.antiphishing.org:

  • Phishers use false statements in the email they send to you, hoping they will upset or excite you, and that you'll react immediately to their request. They might threaten dire consequences if you don't respond, such as terminating an account or instituting a steep fee for reactivation of the account. If the consequences of not replying or acquiescing to their demands seem unnecessarily steep, contact the real organization in question, via phone or email, and ask if this email is theirs.

  • They will ask for things such as usernames, passwords, credit card numbers, Social Security numbers, name, address, and other personal data. You will never be asked to provide this kind of information via email.

  • Phishing emails are rarely personalized. They rarely address you by name in the text of the email. Valid emails from your bank or e-commerce company generally do.
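
The tips above, together with the mismatched link pointed out under Figure 4.2, can be turned into a simple automated check. The following Python sketch is an added example and is not from the book; the phrase lists, the function names, and the sample message (which uses the reserved domains example.com and account-update.invalid) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phrase lists for illustration; real mail filters use far more signals.
THREATS = re.compile(r"suspend|terminat|deactivat|reactivation fee", re.I)
SECRETS = re.compile(r"password|user ?id|username|account number|credit card|social security", re.I)

class HrefCollector(HTMLParser):
    """Collect the real destination (href) of every link in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host(url):
    # urlparse only recognises a host when the URL contains "//"
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(html_body, recipient_name, claimed_domain):
    """Return which of the indicators described in the tips this message shows."""
    collector = HrefCollector()
    collector.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip, enough for a demo
    found = set()
    if THREATS.search(text):
        found.add("threatens consequences")
    if SECRETS.search(text):
        found.add("asks for personal data")
    if recipient_name.lower() not in text.lower():
        found.add("not personalized")
    for href in collector.hrefs:
        h = host(href)
        # The link must land on the claimed domain or one of its subdomains.
        if h != claimed_domain and not h.endswith("." + claimed_domain):
            found.add("link leaves claimed domain")
    return found

# Constructed sample: claims to be from example.com but links elsewhere.
SAMPLE = """<p>Dear Customer,</p>
<p>Your account will be suspended unless you confirm your user ID and password.</p>
<p><a href="http://account-update.invalid/login">https://www.example.com/login</a></p>"""

if __name__ == "__main__":
    for indicator in sorted(phishing_indicators(SAMPLE, "Pat Example", "example.com")):
        print(indicator)
```

Each indicator is a hint rather than a verdict, so a message that trips several of them is the one to verify with the real organization.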





Absolute Beginners Guide to Security, Spam, Spyware & Viruses
ISBN: 0789734591
EAN: 2147483647
Year: 2005
Pages: 168
