Phishing is the fraudulent act of acquiring private and sensitive information, such as credit card numbers, personal identification and account usernames and passwords.
Using a combination of social engineering techniques and some programming skill, phishers lure email recipients and Web users into believing that a spoofed website is legitimate and genuine.
The victim usually discovers only later that personal identity details and other vital information have been stolen and exposed.
Similar to fishing in a lake or river, phishing is computer lingo for fishing over the Internet for personal information.
The term was first used around 1996, when the earliest attacks of this kind were recorded.
Phishing uses link manipulation (a link whose visible text, or a lookalike domain name, hides where the link really leads), image-based message content that evades text-based spam filters, and website forgery to fool Web users into thinking that a spoofed website is genuine and legitimate. Once the user enters account credentials or other vital information on the forged page, the attacker has them: the user is already a phishing victim.
Phishing emails are sent blindly to thousands, if not millions, of recipients. By spamming large groups of people, the “phisher” counts on the email being read by the percentage of recipients who actually have an account with the legitimate company being spoofed in the email and on the corresponding webpage.
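The link-manipulation tricks described above can be checked mechanically. The Python script below is an added example written for this page, not code from the original article: it extracts every link from an HTML email body and flags the usual manipulations, namely visible text that names one domain while the href goes to another, a trusted brand name buried as a subdomain of an unrelated domain, a raw IP address or a '@' in the URL, and an internationalized host name that may be a homoglyph. The sample email, the domains example-bank.com and verify-login.net, and the TRUSTED_DOMAINS set are all constructed for the example; the IP addresses come from documentation ranges.

```python
"""Flag link manipulation in an HTML email body (added example, not from the article)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the recipient really holds accounts with (assumed for this example).
TRUSTED_DOMAINS = {"example-bank.com"}

_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# A domain name mentioned in the link's visible text, with or without a scheme.
_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.

    Enough for the .com/.net names used here; a production checker would consult
    the Public Suffix List so that names like example.co.uk are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze_link(href, text):
    """Return the reasons a link looks manipulated; an empty list means none found."""
    parsed = urlparse(href)
    if parsed.scheme not in ("http", "https"):
        return ["non-web scheme: %r" % parsed.scheme]
    host = parsed.hostname or ""
    reasons = []
    if "@" in parsed.netloc:
        reasons.append("'@' in URL: text before it is decoy userinfo, the real host is " + host)
    if _IPV4.match(host):
        reasons.append("raw IP address as host: " + host)
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        reasons.append("internationalized host, possible homoglyph of a familiar domain: " + host)
    m = _DOMAIN_IN_TEXT.search(text)
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        reasons.append("visible text names %s but the link goes to %s" % (m.group(1), host))
    for trusted in TRUSTED_DOMAINS:
        if trusted in host and registrable_domain(host) != trusted:
            reasons.append("trusted name %s buried inside unrelated domain %s"
                           % (trusted, registrable_domain(host)))
    return reasons


def suspicious_links(html):
    """Map each manipulated href in an HTML email body to its list of reasons."""
    extractor = _LinkExtractor()
    extractor.feed(html)
    findings = {}
    for href, text in extractor.links:
        reasons = analyze_link(href, text)
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample email body: the domains are invented, the IPs are documentation ranges.
SAMPLE_EMAIL = """
<p>Dear customer, please visit
<a href="http://www.example-bank.com.verify-login.net/">https://www.example-bank.com/</a>
to confirm your details.</p>
<p>Or use <a href="https://example-bank.com/contact">our contact page</a>.</p>
<p>Secure login: <a href="http://198.51.100.7/login">secure login</a></p>
<p>Support: <a href="https://example-bank.com@203.0.113.9/">example-bank.com support</a></p>
"""

if __name__ == "__main__":
    for link, why in suspicious_links(SAMPLE_EMAIL).items():
        print(link)
        for r in why:
            print("   -", r)
```

Only the legitimate contact link passes; the other three are reported with their reasons. The two-label approximation in registrable_domain is the weak point of this checker, and a real mail filter would swap in the Public Suffix List. The same comparison of "where the text says the link goes" against "where it actually goes" is what a user does by hand when typing an organization's address into the browser instead of clicking.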
Types of phishing attacks:
Deceptive phishing is the most common type of phishing. In this case, an attacker attempts to obtain confidential information from the victims. Attackers use the information to steal money or to launch other attacks. A fake email from a bank asking you to click a link and verify your account details is an example of deceptive phishing.
Spear phishing targets specific individuals instead of a wide group of people. Attackers often research their victims on social media and other sites. That way, they can customize their communications and appear more authentic. Spear phishing is often the first step used to penetrate a company’s defenses and carry out a targeted attack.
When attackers go after a “big fish” like a CEO, it’s called whaling. These attackers often spend considerable time profiling the target to find the opportune moment and means of stealing login credentials. Whaling is of particular concern because high-level executives are able to access a great deal of company information.
Similar to phishing, pharming sends users to a fraudulent website that appears to be legitimate. However, in this case, victims do not even have to click a malicious link to be taken to the bogus site. Attackers either compromise the user's own computer (for example by editing its hosts file or changing its DNS settings) or poison the DNS resolver it relies on, so that the user lands on the fake site even when the correct URL is typed in.
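The local form of pharming, a tampered hosts file, can be spotted by reading the file, because an entry there is consulted before DNS and sends the browser to the listed address no matter what the user types. The script below is an added example written for this page, not the article's own code: it parses hosts-file text and flags any entry that pins a watched domain to an address other than loopback. SAMPLE_HOSTS, the address 203.0.113.45 (a documentation range) and WATCHED_DOMAINS are constructed for the example. The other pharming route, a poisoned resolver, cannot be detected offline this way and would need the name resolved through a second, trusted resolver for comparison.

```python
"""Detect hosts-file pharming overrides (added example, not from the article)."""
import ipaddress

# Domains worth watching for overrides; assumed for this example.
WATCHED_DOMAINS = {"example-bank.com"}

# Constructed hosts-file content: two normal loopback lines and one planted entry
# that pins the bank's names to an attacker-controlled address.
SAMPLE_HOSTS = """\
# Host Database
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.example-bank.com example-bank.com   # planted by malware
"""


def parse_hosts(text):
    """Return (ip_address, hostname) pairs, skipping comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry; a real tool would log the malformed line
        for name in parts[1:]:
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def _is_watched(name, watched):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def pharming_overrides(hosts_text, watched=WATCHED_DOMAINS):
    """List (hostname, ip) entries that pin a watched domain to a non-loopback address.

    Loopback pins are ignored: mapping a name to 127.0.0.1 blocks the site, which is
    a common ad- or malware-blocking technique, not a redirect to an attacker."""
    return [(name, str(ip))
            for ip, name in parse_hosts(hosts_text)
            if _is_watched(name, watched) and not ip.is_loopback]


def check_hosts_file(path):
    """Run the check against a real hosts file, e.g. /etc/hosts on Unix-like systems
    or C:\\Windows\\System32\\drivers\\etc\\hosts on Windows."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return pharming_overrides(fh.read())


if __name__ == "__main__":
    for name, ip in pharming_overrides(SAMPLE_HOSTS):
        print("WARNING: %s is pinned to %s, bypassing DNS" % (name, ip))
```

Both names on the planted line are reported against 203.0.113.45, while the loopback lines are left alone. Endpoint security tools run essentially this check, plus a comparison of the configured DNS servers against what the network is expected to hand out.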
Fortunately, phishing victimization is preventable. The following security precautions are recommended:
Use updated computer security tools, such as anti-virus software, anti-spyware software and a firewall.
Never open unknown or suspicious email attachments.
Never divulge personal information requested by email, such as passwords, account numbers or credit card numbers; a legitimate company does not ask for these by email.
Rather than following a link in an email, open the website by typing the address you already know into your Web browser yourself, and check the address bar before entering anything.
Verify the company's phone number independently (for example from the back of your card or from the official website) before calling any number provided in an email.