All about Phishing.

2007-10-10T17:30:00.001-05:00

In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used.

Recent phishing attempts

More recent phishing attempts have targeted the customers of banks and online payment services. E-mails, supposedly from the Internal Revenue Service, have also been used to glean sensitive data from U.S. taxpayers. While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus emails accordingly. Targeted versions of phishing have been termed "spear phishing".
Social networking sites are also a target of phishing, since the personal details in such sites can be used in identity theft, in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details. Experiments show a success rate of over 70% for phishing attacks on social networks.
Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.

Tips on how to avoid the Internet scam known as phishing

If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body.
Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.
If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.
If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.
Suspicious e-mail can be forwarded to uce@ftc.gov, and complaints should be filed with the state attorney general's office or through the FTC at www.ftc.gov.

Notes:

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the Web page code from a major site — such as AOL — and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called brand spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.

Peruvian Net against Child Pornography

All about Phishing.