Phishing Is The Criminally Fraudulent Process

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging.Phishing scams have grown up from the unsophisticated swindles of the past in which fake Nigerian princes e-mailed victims, who would get a big windfall if they just provide their bank account number.

Even as authorities try to stamp out that con and other e-mail and online scams, scammers are getting more wily and finding new loopholes to exploit.The vast majority of e-mail is spam and an unknown percentage of that is meant to defraud. The scale of electronic fraud means that that the criminals can make huge profits even if only a small percentage of people are duped.

Phishing commonly refers to hoax e-mails purportedly from banks or other trustworthy sources that seek to trick recipients into revealing bank or credit card account numbers and passwords.

The U.S. government scored a big victory in November when the web hosting company McColo Corp. was taken offline. Estimates vary, but the Washington Post said that 75 percent of spam worldwide had been sent through that single company.But the spam e-mails offering celebrity diets, cheap printer ink, erased credit card debt and amazing orgasms quickly found a new way to inboxes, according to Google's security subsidiary Postini.

Now spammers use a variety of computers to send out spam e-mails to obscure their origins, meaning that a dramatic McColo-style takedown will be harder to reproduce, said Adam Swidler, product marketing manager for Google's Postini.

And they've largely abandoned scams that are easy to see through -- like the Nigerian prince -- in favor of more sophisticated "location-based spam," which directs the victim to a Web site discussing a local disaster or similar issue. If they click on the offered video, the Web site downloads a virus to the user's computer, Google said in a blog on security.

Tim Cranton, a Microsoft cybersecurity expert, said there was no way to know how much money is stolen. "We don't have a way to estimate numbers because there are so many victims that you're not aware of," he said.

WHAT IS 'SMISHING'?

New technology means new ways to steal. One of the latest is "smishing," which is nothing more than a phishing fraud sent via SMS text messaging.E-con artists are getting more sophisticated in approaching potential victims. One tactic has been to write spam that purports to come from a trusted source, like Paypal.

When Paypal, which is owned by eBay, learned that spammers were using its name, they put a digital signature on their e-mails and asked providers like Yahoo and Google to block any e-mail purporting to come from them which did not have that signature.

"We know how many they throw away and it's approximately speaking about 10 million a month," said Michael Barrett, Paypal's chief information security officer. "If the consumer never sees the e-mail in the first place then it's hard for them to get victimized."

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing,[4] probably influenced by phreaking,[5][6] and alludes to baits used to "catch" financial information and passwords.

Related Posts