Phishing
(definition) (FISH.ing) pp. Creating a replica of an existing
web page or HTML email input form to fool a user into submitting
personal, financial, or password data. —adj.
Today phishing seems to be one of the most serious new scams on
the Internet. Hackers and spamming companies not only bother
you with thousands of unwanted emails each day; you might also
be the victim of a phishing attack! Phishing refers to the
activity of hackers who impersonate a legitimate organization and
use e-mails to persuade people to share their personal and
private financial data. No, this is not a bad joke: phishing
attacks involve the mass distribution of "spoofed" email
messages with return addresses, links, and branding which appear
to come from well-known banks, insurance agencies, retailers or
credit card companies. The result of these scams is that
consumers suffer credit card fraud, identity theft, and
financial loss.
So what’s the deal here? Well, for starters, to most Internet
users the emails and web sites are indistinguishable from
legitimate business communications. Secondly, trusted sources
reveal that by hijacking the brands of well-known banks, online
retailers and credit card companies, phishers are able to induce
up to 5% of recipients to respond to them. How far can these
unscrupulous companies and individuals get? Farther than most of
us would think. Last Nov. 8, a man in Sydney, Australia, was
imprisoned for more than five years for duping people into
sending him millions of dollars in a global Internet ruse known
as the Nigerian scam. He presented himself as someone who needed
access to a Western bank account in order to transfer a large
sum of money out of a politically troubled country. Criminals
taking part in the Nigerian scam then promise the innocent
email recipients a share of the money, but ask for a smaller
upfront payment - in the form of an ‘administration fee’ -
before the larger sum can be transferred. This way they make
millions! Although this man pleaded guilty at the Sydney Court,
chances are it will take much more than one guilty man
imprisoned to get this problem under control.
According to APWG’s Phishing Attack Trends Report (July 2004),
the most targeted industry sector for phishing attacks continues
to be Financial Services, both from the perspective of total
attacks and the number of companies targeted. Retail is second,
whereas ISPs are third. Citibank seems to be the company whose
brand was hijacked most often by phishers. Some other recent
phishing targets include AOL, SunTrust, Earthlink, Wells Fargo,
MBNA, Charlotte's Bank of America, Paypal, Fleet, Best Buy and
eBay.
Although the United States is the top country in terms of the
total number of hosted phishing web sites, other nations
engaging in phishing attacks include Russia, the UK, Mexico and
many Asian countries such as South Korea, China and Taiwan –
among others. APWG’s report indicates that approximately
35% of phishing web sites are hosted on exploited machines,
unbeknownst to their owners. Because they are fake, phishing web
sites normally do not have a long life span. The average life
span for both phishing and fraud sites, measured by how long
they continue to respond with content, does not go beyond a
week.
Think you are covered because you know what phishing is and you
have an idea of how to handle these attacks? Sit back, because
you have not heard it all. Research indicates that the dramatic
increase in the number of fraud-based websites over the past few
months may result not only in identity theft, but also in the
false belief that you have purchased something online when in
fact, you have not! Unlike phishing attacks that hijack the
brand of trusted e-commerce or financial institutions, these web
sites are presented as generic ecommerce sites. How do they
operate? Well, users believe they are ordering legitimate
products or applying for a legitimate mortgage when in reality,
they are becoming fraud victims. The most common fraud-based web
sites are fake loan scams, mortgage frauds, online pharmacy
frauds, and fake online banking institutions. In addition to the
direct cost of fraud and the enduring effects of identity theft
for consumers, the growth of criminal spam threatens the
integrity and brand of organizations that do business online.
Phishing attacks are growing quickly both in number and
sophistication. If you
have been tricked this way, you should assume that you will
become a victim of credit card fraud, bank fraud, or identity
theft. Some basic advice on what to do in this situation if you
have given out your credit, debit or ATM card, or bank account
information, is to report the theft of this information to the
card issuer or the bank as quickly as possible. Canceling your
account and opening a new one is advisable in addition to
reviewing your billing statements carefully after the loss.
How can you solve your company’s email problems and keep the right
information flowing? Phishing is one of the most dangerous forms
of spam, so if you are worried about the problem of phishing,
online fraud, and email spoofing, you should first control the
spam in your mailbox and report those who are sending it. To
take an active role in the fight against spam, you can become a
member of the Anti-Spam League for free and learn how to detect
and recognize potential phishing and online fraud threats. Find
out how by visiting
www.Anti-Spam-League.org.
ABOUT THE AUTHOR
The purpose of the Anti SPAM League is to help consumers and
business owners reduce the amount of SPAM they receive. In
addition, our Anti SPAM organization believes that educating
site owners in the area of SPAM prevention and ways to
successfully and responsibly market their sites is key in
making a difference.