What is phishing?

BusinessScams

  • Author Phil Bradshaw
  • Published March 21, 2009
  • Word count 1,128

Phishing is a fraudulent attempt, usually made through email, to steal your personal information. The best way to protect you from phishing is to learn how to recognize a phish.

Phishing emails usually appear to come from a well-known organization and ask for your personal information — such as credit card number, social security number, account number or password. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account.

Phishing is an online scam used to commit identity theft. A fraudulent, but official-looking e-mail is sent to a user in an attempt to con that user into divulging personal and/or private information, which is then used for identity theft.

Phishers spam huge numbers of users with a seemingly credible e-mail that instructs the user to visit a Web site (also fraudulent) where they are prompted to enter or update their personal or private information (such as passwords and credit card, social security, and bank account numbers). Phishers also use pop-ups to try and scam users into entering sensitive information.

A phishing scheme typically consists of an email message that appears to originate from a trusted source, but instead is an attempt to obtain and exploit sensitive user information, such as login credentials for the targeted user's online bank account. Often, the message asks you to "update" account information (including credit card and checking account information, social security numbers, addresses, and telephone numbers). Most phishing scams instruct you to do so using a form in the body of the email. Sometimes, you will be prompted to click a link that appears to lead to an authorized Web site that belongs to a legitimate, trusted company.

In its most basic form, 'phishing' is the use of spam email messages that ask you to divulge your bank account details. For more information see What is phishing? in the IT Services section.

A phishing email, if clicked, will open up to an insecure site. Every site that uses security encryption will have the HTTPS protocol at the beginning of the URL. Did I lose you? The HTTPS is a great way to instantly identify a phishing scam - no matter how legit the website may look, if it doesn't have the HTTPS at the beginning of the URL, it's not for real.

Misspelled words in the site's URL address. A quick tip off that a phishing scam is underway is if the name of the site is misspelled in the site address; for example, www.gooogle.com.

Phishing is the use of fake email and websites to trick a user into supplying confidential or personal information. These emails appear to be from a reputable organization and would have a link to a replica website for that organization. Any details entered (bank account details for instance) into such a website are stolen by those who created the website.

No institution will ever send an email requesting login details. In the unlikely event that you do receive an email from a financial institution requesting such details, contact them directly via your statement contact details (not the ones in the email) to check prior to responding. In general, any email requesting personal details it is not to be trusted. If you receive such an email, contact the sender directly to confirm the request and do not reply to the email.

Once scammers have 'phished' out your information, they could use it in a number of ways. Your credit card could be used for unauthorized purchases, or your bank account could be cleared out, or they may simply gather the information for an identity theft scam, or sell your information to identity theft rings.

Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use spam, fake Web sites, crime-ware and other techniques to trick people into divulging sensitive information, such as bank and credit card account details. Once they’ve captured enough victims’ information, they either use the stolen goods themselves to defraud the victims (e.g., by opening up new accounts using the victim’s name or draining the victim’s bank accounts) or they sell it on the black market for a profit.

In most cases, phishers send out a wave of spam email, sometimes up to millions of messages. Each email contains a message that appears to come from a well-known and trusted company. Usually the message includes the company's logo and name, and it often tries to evoke an emotional response to a false crisis. Couched in urgent, business-like language, the email often makes a request of the user’s personal information. Sometimes the email directs the recipient to a spoofed Web site. The Web site, like the email, appears authentic and in some instances its URL has been masked so the Web address looks real.

A regular internet user will definitely have encountered many phishing attempts and few unsuspecting ones may have even fallen prey and lost heavily. This article is intended to shed light on Phishing and provide guidelines to the layman users to try and avoid such attempts. The technically savvy guys will obviously know how to protect them.

Phishing is defined by Wikipedia as the fraudulent attempt to acquire personal information of net users by criminals wearing the garb of legitimate entities. The intent is to make the unsuspecting receiver of the email from a legitimate looking entity to click on an embedded link.

Web Forgery (also known as "Phishing") is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake, but very real looking, Web sites. More information on phishing can be found at the Anti-Phishing Working Group, and there are a number of examples and resources available at the Wikipedia Phishing page.

Malware is software designed to harm your computer or steal your personal information without your knowledge. Attack Sites are Web sites that try to infect your computer with malware when you visit. These attacks can be very difficult to detect; even a site that looks safe may be secretly trying to attack you. Attackers will often hack a site to turn it into an Attack Site, and sometimes the Web site's owner won't even know that this has happened. You can learn more about Attack Sites and malware from stopbadware.org, a partnership among academic institutions, technology industry leaders, and volunteers committed to protecting Internet users from threats to their privacy and security caused by bad software.

More Answers to this problem and many other subject can be found at www.search-answers.com

©Phil Bradshaw 2009

Article source: https://articlebiz.com
This article has been viewed 907 times.

Rate article

Article comments

There are no posted comments.