Phishing

From Computing and Software Wiki

Revision as of 00:15, 3 December 2007 by Davisml3 (Talk)
Jump to: navigation, search

Phishing is a form of online identity theft that uses spoof e-mails and fraudulent web sites, among other techniques, to lure people into divulging personal and financial data such as: credit card numbers, account usernames, passwords and social security numbers.

Phishing attacks are aptly named because of the similarities they share with fishing. The criminals who are phishing for information are like fishermen and the victims are the fish. The criminals use several different methods to lure their victims into falling for an attack, just like fishermen uses bait to lure fish.

Phishers use the internet as a means to commit fraud. They may use the information they aquired to create fake accounts in the victims names, or make purchases using their credit cards. Often time phishers will sell the information they gather rather then use it.


Contents

1 Types of Phishing Attacks

 1.1 Spamming and Spoofing
 1.2 Spamming and Keylogging

2 Detection and Prevention 3 Phishing Facts



Spamming and Spoofing



Spamming and Keylogging



Detection and Prevention


There are several ways to detect phishing attacks. Knowing how a phishing attack works and being caution when supplying personal information over the internet is the best way to protect youself.

1. Be suspicious of e-mails urgently requesing personal or financial information.

       a.	Phishers include exciting or upsetting information in e-mail, hoping to get you to react quickly.
       b.	Phishing e-mails are sometimes personilized, just because they took the time to include your name in the 
               e-mail does not mean its real.

2. Be suspicios of e-mail attachements.

       a.	E-mail attachments are the most common method used for carring out  Trojan based phishing attacks.

3. Never use links privided in e-mails.

       a.	You should call the company directy or go to the companys website using their address.

4. Make sure you are using a secure website when submitting information in a web browser.

       a.	Phishers are able to spoof the yellow lock you see at the bottom of your screen when the website is suppose   
               to be secure. If you double click on the lock the security certificate on the web site will pop up, if you get 
               any warnings do not use the site.

5. Make sure you check the address line.

       a.	Check the adress line to make sure you are being directed to where you want to go.



Phishing Facts

- 43% of internet users have received a phishing contact

       o	%5 have responded

- It has been estimated that the number of phishing e-mail messages that are sent worldwide each month is 6.1 billion - The average length a phishing site is operational is 3.6 days - In 2006, about 109 million U.S. adults received phishing e-mail attacks, compared with 57 million in 2004. - The financial services industry continues to be the main focus of scammers, with 78 percent of attacks targeting the

       customers of banks and other types of financial institutions.


References

1. Anti-Phishing Working Group, http://www.antiphishing.org/consumer_recs.html 2. Spoofing Attack, http://en.wikipedia.org/wiki/Spoofing_attack 3. Identity Theft Information Center, http://www.scambusters.org/identitytheft.html 4. E-mail Spam, http://en.wikipedia.org/wiki/E-mail_spam

Personal tools