What Is Phishing?
Learn how to avoid
Suppose you check your e-mail one day and find a message from your bank.
You've gotten e-mail from them before, but this one seems suspicious,
especially since it threatens to close your account if you don't reply
immediately. What do you do?
This message and others like it are examples of phishing, a method of online
identity theft. In addition to stealing personal and financial data,
phishers can infect computers with viruses and convince people to
participate unwittingly in money laundering. In this article, we'll examine
the common traits of phishing schemes and the technological tricks that
phishers use to deceive people.
Most people associate phishing with e-mail messages that spoof, or mimic,
banks, credit card companies or other business like Amazon and eBay. These
messages look authentic and attempt to get victims to reveal their personal
information. But e-mail messages are only one small piece of a phishing
From beginning to end, the process involves:
1.Planning. Phishers decide which business to target and determine how to
get e-mail addresses for the customers of that business. They often use the
same mass-mailing and address collection techniques as spammers.
2.Setup. Once they know which business to spoof and who their victims are,
phishers create methods for delivering the message and collecting the data.
Most often, this involves e-mail addresses and a web page.
3.Attack. This is the step people are most familiar with -- the phisher
sends a phony message that appears to be from a reputable source.
4.Collection. Phishers record the information victims enter into web pages
or popup windows.
5.Identity Theft and Fraud. The phishers use the information they've
gathered to make illegal purchases or otherwise commit fraud. As many as a
fourth of the victims never fully recover.
If the phisher wants to coordinate another attack, he evaluates the
successes and failures of the completed scam and begins the cycle again.
Phishing scams take advantages of software and security weaknesses on both
the client and server sides. But even the most high-tech phishing scams work
like old-fashioned con jobs, in which a hustler convinces his mark that he
is reliable and trustworthy. Next, we'll look at the steps phishers take to
convince victims that their messages are legitimate.
Phishing and Establishing Trust
The first documented use of the word "phishing" took place in 1996. Most
people believe it originated as an alternative spelling of "fishing," as in
"to fish for information".
Since most people won't reveal their bank account, credit card number or
password to just anyone, phishers have to take extra steps to trick their
victims into giving up this information. This kind of deceptive attempt to
get information is called social engineering.
Phishers often use real company logos and copy legitimate e-mail messages,
replacing the links with ones that direct the victim to a fraudulent page.
They use spoofed, or fake, e-mail addresses in the "From:" and "Reply-to"
fields of the message, and they change links to make them look legitimate.
But recreating the appearance of an official message is just part of the
Most phishing messages give the victim a reason to take immediate action,
prompting him to act first and think later. Messages often threaten the
victim with account cancellation if he doesn't reply promptly. Some thank
the victim for making a purchase he never made. Since the victim doesn't
want to lose money he didn't really spend, he follows the message's link and
winds up giving the phishers exactly the sort of information he was afraid
they had in the first place.
In addition, a lot of people trust automatic processes, believing them to be
free from human error. That's why many messages claim that a computerized
audit or other automated process has revealed that something is wrong with
the victim's account. The victim is more likely to believe that someone has
been trying to break into his account than believe that the computer doing
the audit made a mistake.
For more information,
tips and resources visit
I hope you will use this
information to keep your computer running smoothly. If you have any doubt about
an e-mail message, DON'T OPEN IT and absolutely DO NOT respond to it. Have your computer system checked
regularly.. We can clean
your computer of all infections and show you how to prevent future attacks. Call