Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, bank or retail establishment. E-mails can be sent to people on selected lists or on any list, expecting that some percentage of recipients will actually have an account with the real organization.
E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme.
Anyone Can Phish
A "phishing kit" is a set of software tools that help the novice phisher imitate a target Web site and make mass mailings. It may even include lists of e-mail addresses. How thoughtful of people to create these kits. In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing and smishing.
The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme.
Anyone Can Phish
A "phishing kit" is a set of software tools that help the novice phisher imitate a target Web site and make mass mailings. It may even include lists of e-mail addresses. How thoughtful of people to create these kits. In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing and smishing.
The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Antivirus vendor introducing virtual keyboard for secure Ebanking
- Kaspersky's most recent product launch of the Kaspersky Internet Security 2009, is featuring a virtual keyboard "a secure pop-up that enables logins, passwords, bank card details and other important personal information to be entered safely to prevent the theft of confidential information" aiming to protect users from keyloggers, and consequently...
- Blog posts 2008-07-02
- Anti-malware blocker, cross-site scripting protections coming in IE 8
- Anti-malware blocker, cross-site scripting protections coming in IE 8Once again......late to the game. The "alternate" browsers have had these for a while. Competition breeds improvement, apparently. ;)It will still suckBeing a MS product, it will still suck.RE: Anti-malware blocker, cross-site scripting protections coming in IE 8Why would...
- Discussion threads 2008-07-02
- Microsoft to ratchet IE8 security another notch in Beta 2
- Sometime in August, Microsoft plans to release Beta 2 of Internet Explorer 8. Yesterday, I spoke with Austin Wilson, Director of Windows Client Product Management at Microsoft, about some of the security-related changes due in this milestone, and got a preview of the changes announced today. Here are some details...
- Blog posts 2008-07-02
- Anti-malware blocker, cross-site scripting protections coming in IE 8
- When Microsoft's Internet Explorer 8 hits the Beta 2 milestone in August, the browser makeover will feature a full-fledged anti-malware blocker and new protections against some forms of cross-site scripting attacks. The existing phishing filter IE 7 has been renamed SmartScreen Filter and will include blacklist-based blocking...
- Blog posts 2008-07-02
- Virus-Evaluator (exe)
- A complete solution against all of the most serious Internet threats, including malware, spyware, adware, trojans, worms, viruses, rootkits, phishing, spam, and hackers consisting of anti-malware, anti-spyware, anti-spam, anti-rootkit and anti-phishing. This version is the first release on CNET Download.com.
- Software downloads 2008-07-02
- McAfee S.P.A.M. experiment and more ridiculous HackerSafe failures
- Stay with me here readers, I'm stringing two stories about McAfee together here, a little out of the ordinary, so I hope it makes sense. If you aren't interested in the tech details of which there are very little, please do read for a good laugh. Network World reported...
- Blog posts 2008-07-01
- HSBC sites vulnerable to XSS flaws, could aid phishing attacks
- HSBC sites vulnerable to XSS flaws, could aid phishing attacksHow many users understand or care....Your article raises a number of good points. But the best advice for not getting phished is to bookmark a secure page on the bank's website and use ONLY that bookmark to access your account....
- Discussion threads 2008-06-30
- News to know: Phishing; Gates gone; Google; Hyper-V
- Notable headlines: Dancho Danchev: HSBC sites vulnerable to XSS flaws, could aid phishing attacks TechRepublic: Most report their IT career has been better than they expected Mary Jo Foley: J Allard gets a new job Mystery explained: Why...
- Blog posts 2008-06-30
- HSBC sites vulnerable to XSS flaws, could aid phishing attacks
- What would the perfect phishing attack from a social engineering perspective? The one that compared to using typosquatted domains impersonating the bank's web application directory structure is in fact using the bank's legitimate domain names as redirectors due to XSS flaws within. It's even more interesting to measure the average...
- Blog posts 2008-06-29
- Firefox and Thunderbird phone home daily
- Firefox and Thunderbird phone home dailyReally? What does Windowssend to MS everyday?IP address?What time you were using the product?What exact version number you were using?If you are using any of the plugins or addons sent in the disabled list?Total number of active users of their software?Problem isother companies like Apple...
- Discussion threads 2008-06-26
- EZDNSWatch From CYBERsitter (exe)
- EZDNSWatch will check and monitor your computers DNS settings to prevent them from being hijacked. EZDNSWatch also supports OpenDNS and allows one click configuration. OpenDNS is a free public DNS server that is guaranteed safe and also provides protection from phishing and other dangerous sites you might accidentally encounter while...
- Software downloads 2008-06-24
- Phishers targeting Facebook users, fake logins spammed through hacked accounts
- A currently active phishing campaign is circulating across Facebook end users' walls, using already compromised accounts to post the phishing links, tricking the user into thinking it's a legitimate friend sending the message in order to redirect them to a fake login page. The campaign is taking advantage of multiple...
- Blog posts 2008-06-20
- Security breach hits DivShare, unauthorized access to its database
- The popular document and media sharing service DivShare, suffered a security breach according to a security announcement posted by DivShare's support team earlier this week : Late last night we were alerted of a security breach that allowed a malicious user to access our database, which included user e-mail...
- Blog posts 2008-06-19
- Firefox 3
- After months of testing, Firefox 3 code name Gran Paradiso is available for download from Mozilla. With its new Gekko 1.9 engine, the browser rocks, rendering pages faster and uses fewer system resources overall. As with any new browser, some add-ons created for Firefox 2 may not work, but give...
- Product reviews 2008-06-17
- Opera ships security patches, adds malware blocker
- Opera users, get your browser patching engine ready. The Norwegian software maker has released version 9.5 as a recommended security and stability update that includes patches for at least three serious security vulnerabilities. The update, available here for download, patches the following: ...
- Blog posts 2008-06-12
- Google intentionally blocking PayPal from App Engine?
- After anonymously bashing PayPal in Australia, it's not a huge surprise that Google was caught intentionally blocking AppEngine users from using PayPal too. Could it have been a innocent mistake? Sure, but the circumstance and timing are extremely suspicious. First, Google was outed after sending an...
- Blog posts 2008-06-10
- AhnLab V3 Internet Security 2007 Platinum (exe)
- AhnLab V3 Internet Security 2007 Platinum is an integrated Internet security solution. Detecting and removing viruses, Preventing phishing, Protecting personal identity, Filtering URL against prohibited Web sites and unwanted activities, Improving PC performance by cleaning off unnecessary files.Version 7.6.2.1 includes a newly developed 2008 TS engine.
- Software downloads 2008-06-04
- Online brand-jacking increasing
- With the evolving sophistication of online scammers' understanding of social engineering and trust building online, the techniques they use to build authenticity into their scam propositions have started directly influencing a targeted brand's reputation online in the most negative way possible - the loss of a customer's trust into the...
- Blog posts 2008-06-03
- News to know: Apple patches; D6 coverage; Yahoo; Google I/O
- Notable headlines: Ryan Naraine: Mac OS X Leopard mega-patch plugs 41 security holes Jason O'Grady: Apple releases Mac OS 10.5.3 software update Apple: About the Mac OS X 10.5.3 Update Google: Mac OS X 10.5.3: sync Google Contacts Psystar offering new...
- Blog posts 2008-05-29
- Attacks on NFC mobile phones demonstrated
- Yesterday, Collin Mulliner of the trifinite.group, a group of computer experts researching insecurities in wireless communications, has released the slides as well as the research tools he came up with in order to demonstrate various attacks and vulnerabilities in Near Field Communication mobile phones, a technology that will change the...
- Blog posts 2008-05-28
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Which solar technology will survive?
-
At the Cleantech Forum in San Francisco, Todd Glass of Heller Ehrman moderates a discussion, among tech execs, on the various solar technologies making a difference in the green movement.
- Watch the video >>
- The Cisco Mobility Resource Center is your source for FREE mobility solutions
-
The Cisco Mobility Resource Center offers FREE videos, downloads, podcasts and more, all designed to help small and medium businesses get mobile connectivity solutions, improve productivity and drive sales and revenue.
- New mobility solutions at the Cisco Mobility Resource Center
- BNET Industries
- Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
-
- The technology industry from a different angle
-
- See what's hot in the auto industry
-
- Stay on top of the energy industry
