Phishing
Written by Pat Reed, Vice Principal/Curriculum, St. John Fisher School
Introduction
The term phishing was coined in the mid-1990s. It refers to attempts to fraudulently gain access to personal information such as account numbers and passwords by posing as a legitimate individual or business. Generally, individuals are contacted via email or instant message by the fraudulent entity with a request to update information online. Phishing is also called carding and spoofing. The term “phishing” emerged because of scammers’ use of “lures” as they “fish” for personal financial information. In its early days, phishing was used to steal passwords from AOL users. Phishing has grown more sophisticated and threatening, with phishers seeking information from individuals that use online banking, paypal, and e-commerce sites.
Issues
Early phishing attempts were easily recognized due to amateurish presentation, spelling, grammar and punctuation errors. More recent attempts have become more sophisticated and devious. Phishers purchase similar domain names (such as yahoo.billing.com or paypa1.com). They incorporate mirror websites and logos from major companies such as Microsoft and e-Bay. Phishing attempts operate with a fake login pop-up that has the legitimate business website open in the background. Both appear to be from the same source. Most recently, scammers pose as legitimate businesses, such as mortgage companies, online banks and pharmacies in an attempt to steal credit card numbers. Phishers also use DNS redirecting, which moves the user unknowingly from legitimate sites such as eBay or Google to fake web servers that then install spyware on the user’s computer.
In 2004, an estimated 57 million adults had received a phishing email, and approximately 1.4 million people were victims of identity theft. This type of fraud cost banks and credit card companies approximately $1.2 million in 2003 (Gartner, Inc). By January, 2005, 12,845 new phishing email messages were reported, an increase of 42% from December, 2004 (Anti-Phishing Working Group).
Minimizing Risk
UK’s Bank Safe Online recommends the following measures to avoid risk:
- Treat all unsolicited emails with caution and never click on links from such emails to visit unknown websites
- Install anti-virus software, keep it up-to-date and run regular security scans
- Install and learn how to use a personal firewall
- Install the latest security updates, also known as patches
Annotated Websites
Phishing, from Wikipedia
Here you will find a detailed history of Phishing, examples, legislative action, and anti-phishing strategies and software.
Anti-Phishing Working Group
A historical archive of phishing attempts, recent research, and news can be found here, along with a place to report phishing attempts.
Spyware Remove
This site, run by Enigma Software, provides a timeline of phishing scams and information about avoiding them. They provide a free download of an antispyware program, along with sales information about their more sophisticated products such as SpyHunter and Adorons Easy Security.
Bank Safe Online
The UK’s initiative to help online bank users stay safe online. This site provides information on the latest scams and methods to avoid becoming a victim.
Last Updated:
08/02/2005
|