Introduction to phishing
What is phishing?
Phishing (also called brand spoofing or carding) is a technique for acquiring your personal information (e.g., credit card or bank account numbers and passwords) and subsequently committing fraud in your name. This might include stealing your identity or emptying your checking and savings accounts. It has been around since 1996 but is becoming more common and more sophisticated. It's a form of cyber-crime that's growing faster than the ability of the police or courts to deal with it. The word "phishing" is simply a play on the word "fishing": scammers drop email lures into the sea of Internet users, hoping to hook your personal information.
There is a newer and more dangerous variation called “spear phishing.” It’s more insidious than regular phishing because the sender knows exactly who you do business with and what kind of accounts you have. The email they send is very convincing, appearing to come from a credit union, stockbroker or friend, so you're inclined to open it without hesitation. Once you do, a “Trojan Horse” installs a crimeware program on your computer that records your keystrokes, including your account information and passwords. As soon as you realize you've opened one of these illegitimate emails, you need to assume that your sensitive information has been captured or is at risk. Until you’ve installed and run an anti-spyware program like “Spybot – Search and Destroy” or Norton, do not log in to any of your financial accounts. The crimeware will record your password and account information and transmit it to the crooks, who then sell it to the highest bidder.
Another new variation is called vishing, which involves voice communication. Email may or may not be involved.
How does it occur?
The majority of phishing is currently conducted by email. In a typical phishing attempt, you will receive an authentic-looking email message that appears to come from a legitimate business (e.g., a bank or online shopping site). It will ask you to divulge or verify personal data such as an account number, password, credit card number or Social Security number. Often the wording may try to scare you into providing information. For example, you might receive an email that appears to be from your bank asking that you click on a link in the message. This link might take you to a bogus Web site where you would be asked to verify your online banking information. Intimidating language might be included, e.g., "Your account will be closed or suspended if you don't follow these directions." Although legitimate online banking and e-commerce are very safe, you should always be careful about giving your personal financial information over the Internet.
It is also possible for you to be phished by mail, telephone or even in person. The latest and most rapidly growing threat is through the use of Instant Messaging (IM), which can also be used for identity theft as well as spreading viruses and spyware.
Who perpetrates it?
Phishers are scam artists. They send out millions of emails, realizing that even if only a few recipients give them enough identifying information, they can profit from the resulting fraud.
Would-be phishers can actually purchase software specifically designed to help set up and manage a phishing scam site instead of trying to build one from scratch.
Who is affected by phishing?
Popular targets are users of online banking services and auction sites such as eBay. If your email address has been made public anywhere on the Internet (e.g., posted on a forum, newsgroup or Web site), then you are more susceptible to phishing. Scammers can use spidering or Web-crawling programs to search the Internet and collect millions of email addresses.
Content last updated May 3, 2005 by dlschmid
Page last modified July 26, 2006 by cawalker