Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their bank or retail establishment. E-mails can be sent to people on selected lists or any list, expecting some percentage of recipients will actually have an account with the organization.
E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.
Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target Web site and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing, smishing and twishing.
The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.
Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target Web site and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing, smishing and twishing.
The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Microsoft: To spam or not to spam
- I'm rather suspiciousLook at the date. December 2008?Show me the headersI would never bother reading the body without checking them first.False dichotomyAnd oh, by the way: just because it's genuine doesn't mean it's not spam.TrashntHumm . . .Humm . . . We really need to start adopting digital signatures.It usually...
- Discussion threads 2009-11-27
- Intego Personal Antispam X5 10.5.5 (Mac)
- Personal Antispam X5 is an intelligent program for fighting spam and phishing e-mails. Personal Antispam X5 learns from the e-mail users receive, and regular monthly updates to the program help keep inboxes as spam-free as possible. In addition to keeping inboxes free of spam, Personal Antispam X5 helps protect...
- Software downloads 2009-11-25
- Netgate Internet Security 3.0.305 (Windows)
- Netgate Internet Security, a bundle comprising of FortKnox Personal Firewall and Spy Emergency, is a complete security protection solution against all of the most serious Internet threats, including spyware, viruses, adware, trojans, worms, rootkits, phishing, spam and hackers consisting of anti-spyware, anti-virus, anti-spam, anti-rootkit, anti-phishing and firewall technologies. With built-in...
- Software downloads 2009-11-25
- 1Password 3.0.1 (Mac)
- 1Password is a Password Manager that uniquely brings you both Security and Convenience. It is the only program that provides Anti-Phishing protection and goes beyond password management by adding Web Form Filling and Automatic Strong Password Generation. All your confidential information, including passwords, identities, and credit cards, is kept in...
- Software downloads 2009-11-23
- AntispamSniper For Outlook 3.2.2.1 (Windows)
- AntispamSniper for Outlook provides a professional antispam and anti-phishing protection for your mailbox. The plug-in filters POP3, IMAP, and Exchange accounts. The unique combination of several methods for automatic e-mail classification shows excellent filtering quality for all kinds of spam, including graphical spam with random text. The plug-in has a...
- Software downloads 2009-11-20
- Sticky Password 4.0.141 (Windows)
- In addition to managing and encrypting all your passwords, Sticky Password 4.0 provides exceptional one-click online form filling. The small installation package incorporates the industry's most powerful encryption algorithms and provides effective protection against phishing schemes, concealed key-loggers and identity theft. Each license includes a license to install Sticky Password...
- Software downloads 2009-11-20
- Online Armor 4.0.0.10 (Windows)
- Online Armor Premium Firewall safeguards your funds, identity and data on your PC weather you're browsing, transacting or receiving email. Online Armor Premium comes with "Banking Mode" that secures your internet banking session therefore protecting you from keyloggers and Phishing techniques that might want to either record your login details...
- Software downloads 2009-11-14
- Scammers trick users to ship stolen goods
- RSA FraudAction Research Lab has uncovered the workings behind a recent re-shipping scam in which U.S. residents were used as mules to send goods purchased with stolen credit card numbers overseas. RSA FraudAction Research Lab has uncovered the workings behind a recent re-shipping scam in which U.S. residents were...
- News items 2009-11-12
- AVG Anti-Virus 9.0.704 (Windows)
- AVG Anti-Virus 9.0 is faster, safer and easier to use. The combined anti-virus/anti-spyware scanner in AVG Anti-Virus 9.0 runs up to 50% faster than earlier versions. It is rock solid protection that doesn't get in your way. AVG Anti-Virus 9.0 also delivers new anti-phishing detection techniques, which can quickly and...
- Software downloads 2009-11-11
- AVG Anti-Virus Free Edition 9.0.704 (Windows)
- AVG Anti-Virus Free Edition is an anti-virus protection tool available free of charge to home users. Rapid virus database updates are available for the lifetime of the product, thereby providing the high level of detection capability. The new 9.0 edition is faster, safer and easier to use. AVG Anti-Virus Free...
- Software downloads 2009-11-11
- ZoneAlarm Extreme Security 2010 9.1.008 (Windows)
- ZoneAlarm Extreme Security is a comprehensive suite protecting your PC, your browser, and your data. The OSFirewall monitors changes within your computer to spot and stop new attacks that bypass traditional anti-virus protection. The Advanced Download Protection analyzes browser downloads in three unique ways before they can infect your PC...
- Software downloads 2009-11-10
- Counting vulnerabilities is pointless
- Suddenly it doesn't matter any more? Vulnerability count is an indication of software qualityIt goes directly to the process the vendor went through to root out vulnerabilities before shipping. At least if you compare products with the same general purpose and which receives the same amount of scrutiny.Time to fix...
- Discussion threads 2009-11-09
- IEWall 2.0 build 1012 (Windows)
- IEWall software is an award-winning, browser security utilities that gives safety advice about website BEFORE you click on a risky site, Support all web browser include IE6/7/8 Firefox Opera Chrome Safari. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. IEWall can...
- Software downloads 2009-11-09
- House bill calls for ISPs to block some fake financial sites
- Good grief!Now the BIG LETHARGIC Gov is going to tell people what sites they can go to and tell ISP's to block them???GOOD GRIEF! It is out of control, 2010 is coming and these socialist will be sent back home... AHHHH the sound of 1984 is very much alive..and well...
- Discussion threads 2009-11-05
- America Online (AOL) 9.5 (Windows)
- Popular Internet service that allows you to send email, chat, and view your own personal profile. AOL email makes it easy to stay in touch with friends, family and business associates. You get unlimited storage, and it's a snap to add personality to emails with customized fonts, colors, stationery and...
- Software downloads 2009-11-04
- iHacked: jailbroken iPhones compromised, $5 ransom demanded
- Yesterday, a "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your phone right now!" message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from...
- Blog posts 2009-11-03
- Scams surfacing on Twitter, Facebook
- Twitter users warned about direct messages that said: "I make money online with google. i learned how here [link]." Facebook users were getting a bogus link from a friend. Twitter and Facebook users were getting hit with scams on Monday. Twitter users warned about direct messages...
- News items 2009-11-02
- ZoneAlarm Internet Security Suite 2010 9.1.008 (Windows)
- ZoneAlarm Internet Security Suite is an essential antivirus, anti-spyware, and firewall protection for your PC. The OSFirewall monitors changes within your computer to spot and stop new attacks that bypass traditional anti-virus protection. The Advanced Download Protection analyzes browser downloads in three unique ways before they can infect your PC...
- Software downloads 2009-11-02
- AntispamSniper for Outlook Express 3.2.2.1 (Windows)
- AntispamSniper for Outlook Express provides a professional antispam and anti-phishing protection for your mailbox. The unique combination of several methods for automatic email classification shows excellent filtering quality for all kinds of spam, including graphical spam with random text. The plug-in has a built-in option which allows spam deletion from...
- Software downloads 2009-11-01
- Phishing experiment sneaks through all anti-spam filters
- Not mine.My e-mail address is not known to spammers and I haven't received spam ever since my Hosted Exchange provider uses a Barracuda Spam Filter.Sorry, you can't take advantage of my trust unless I know you for years -- even decades. :)And by the way, please mind your feelings as...
- Discussion threads 2009-10-29
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Reduce risk. Reduce complexity. Increase reliability.
-
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study
