The term was coined in the mid-1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.
Phishing has been widely used by fraudsters using spam messages masquerading as large banks (Citibank, Bank of America) or PayPal. These fraudsters can copy the code and graphics from legitimate websites and use them on their own sites to create legitimate-looking scam web pages. They can also link to the graphics on the legitimate sites to use on their own scam site. These pages are so well done that most people cannot tell that they have navigated to a scam site.
Fraudsters will also put the text of a link to a legitimate site in an e-mail but use the source code to point the link to their own fake site. This can be revealed by using the "view source" feature in the e-mail application to look at the destination of the link, or by putting the cursor over the link and looking at the destination shown in the status bar of the browser.
Although many people don't fall for it, the small percentage of people that do fall for it, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.
Anti-phishing technologies are now available. In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.
Everyone can help educate the public by encouraging safe practices, and by avoiding dangerous ones. Unfortunately, even well-known players are known to incite users to hazardous behavior, e.g. by requesting their users to reveal their passwords for third party services, such as email. Wikipedia
Donald Loan Investment Company
date Wed, Nov 4, 2009 at 6:37 PM
subject Loan Offer
GMAIL Warning: This message may not be from who it claims to be. Beware of following any links in it or of providing the sender with any personal information.
My names are KLARK DONALD; I am a certified loan lender. I offer secured and unsecured loans to individuals and companies at low interest rate. I offer long and short-term loans. My firm has recorded many breakthroughs in the provision of first class financial services to our clients especially in the area of Loan syndication and capital provision for individuals and companies.
In general, we offer mortgages, home loans, car loans, hotel loans, commercial loans, construction loans, start-up- working capital loans, business loans and bad credit loans, etc., at 0.5% interest rate. We would love to fund projects at hand and offer personal loans as well to you, your firm/partners and clients.
We offer the right solution to your financial needs. We stand apart from other lenders because we believe in customer service and we stay with you until you get the results you want. We are a group of energetic and experienced loan professionals with through knowledge of financial markets.
We have many partners in real estate; banking and technology fields that can assist obtain financing.
Almost all of our businesses are through referrals by satisfied and repeat customers. We have brought ailing industries back to life and we back good business ideas by providing funds for their upstart. We have a network of Investors that
As the leading provider of Commercial, Business and personal loans to individuals and corporations nationwide, we offer the right kind of financing in less amount of time it will take with traditional lenders. In our bid to be useful to you, Funds (Loan) will be electronically wired into your State account, which will be provided by you. Interested Persons should fill out the Application Form below.
Donald Loan Investment Company
PHISHING IS REALLY OLD NEWS, when you think about it. In fact the term "phish" is actually a portmanteau of the words "phone" and "fish" and has nothing to do with the Internet at all. Rather, it stemmed from an age-old credit card scam in which a person pretending to be a representative of a credit card company would make dozens of calls to strangers, "fishing" for a victim. He would warn them that their credit card identities had been compromised and ask that they answer some security questions. Given enough psychological pressure, they would eventually reveal their security numbers to him, and bang! – The victim was "phished".
Phishing works through the manipulation of our desires and fears. Although technology and banking have made significant progress since the first phone cons of the late 1980s, one thing remains the same: people are still susceptible to psychological trickery. And although the phone phish is still alive and well, the phishing we really have to watch out for these days takes place over the Web.
And unless you log on to the real website within the next few minutes and change your password again, that is precisely what they will do.
Most banks are well aware of the risks of email phishing. Nonetheless, you can help stem the menace by forwarding any email that you receive to your bank's customer service center. This will allow them to investigate the origin of the email and (hopefully) take action against the perpetrators.
These Trojans are typically variants of "Zeus", "BredoLab" and the infamous "Microsoft Online Helper!" Once installed, they work together to steal data from your computer and record your online username-password combinations. The criminals behind the scheme can also remotely operate your computer to engage in other criminal activity such as sending spam while propagating the phish by sending itself to everyone in your address book.
To avoid being fooled into running malicious programs disguised as ordinary office documents, make sure you can see file extensions on your PC. Go to any Windows Explorer window and select Folder Options from the Tools menu. Click the View tab and uncheck the "Hide extensions for known file types" option, then click OK. You'll notice that all the files on your PC will now show their extensions such as ".doc", ".xls" or ".pdf". If you see something that looks like an Excel spreadsheet or PDF document but has an ".exe" extension, you'll know it's a virus.
Of course, ".exe" extensions are not the only kind of file you should watch out for. There are many other executable file types that can wreak havoc on your computer if activated. Microsoft Business
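The extension check described above can also be applied to attachment names before anyone opens them. The following is an added example, not part of the original article: it reports what a file name looks like while extensions are hidden and whether a runnable extension sits behind a document-style one. The extension lists are illustrative, not exhaustive, and the sample names are constructed.

```python
from pathlib import PureWindowsPath

# Illustrative, not exhaustive: extensions Windows runs when double-clicked,
# and document extensions that a disguised file typically borrows.
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".msi"}
DOCLIKE = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg"}

# Constructed attachment names, not taken from a real message.
SAMPLES = ["Q3-report.xls", "invoice.pdf.exe", "statement.doc        .scr", "setup.exe"]


def triage_attachment(name):
    """Return (verdict, name as shown while extensions are hidden)."""
    # Windows drops trailing dots and spaces from file names, so ignore them here.
    path = PureWindowsPath(name.rstrip(". "))
    # Padding spaces before the real extension are stripped before comparing.
    suffixes = [s.strip().lower() for s in path.suffixes]
    shown = path.stem.rstrip()
    if not suffixes or suffixes[-1] not in RUNNABLE:
        return "ok", shown
    if any(s in DOCLIKE for s in suffixes[:-1]):
        return "disguised", shown  # looks like a document, runs as a program
    return "executable", shown


def triage_all(names=SAMPLES):
    """Triage every name and return a {name: (verdict, shown_as)} mapping."""
    return {n: triage_attachment(n) for n in names}
```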
According to the most recent version of Microsoft’s Security Intelligence Report, more than 97 percent of e-mail messages sent over the internet are unwanted, have malicious attachments, are phishing attacks, or are spam. Adapted below are the company’s recommendations on how to avoid getting caught by the phishers, and what to do if your online identity is compromised by thieves.
E-mails that are poorly worded, have typos, or have phrases such as "this is not a joke" or "forward this message to your friends" are generally scam e-mails. Phishing mail often includes official-looking logos and other identifying information taken directly from legitimate Web sites, and it may include convincing details about your personal information that scammers found on your social networking pages. A few phrases to look for if you think an e-mail message is a phishing scam are: "Verify your account."; "If you don't respond within 48 hours, your account will be closed."; "You have won the lottery."
Make sure you have created a strong password for your account by using more than 7 characters and having a combination of upper and lower case characters, numbers, and special characters, like the @ or # symbols. It's also a good idea to change your password on a regular basis.
Report the phishing scam and help identify new scams. If you use Windows Live Hotmail and received a phishing e-mail, you can select the dropdown next to "Junk," and select "Report phishing scam." Whatever you do, do not reply to the sender. UK Times Online