Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their bank or retail establishment. E-mails can be sent to people on selected lists or any list, expecting some percentage of recipients will actually have an account with the organization.
E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.
Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target Web site and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing, smishing and twishing.
The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.
Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target Web site and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing, smishing and twishing.
The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- America Online (AOL) 9.5 (Windows)
- Popular Internet service that allows you to send email, chat, and view your own personal profile. AOL email makes it easy to stay in touch with friends, family and business associates. You get unlimited storage, and it's a snap to add personality to emails with customized fonts, colors, stationery and...
- Software downloads 2009-11-04
- iHacked: jailbroken iPhones compromised, $5 ransom demanded
- Yesterday, a "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your phone right now!" message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from...
- Blog posts 2009-11-03
- 1Password 3.0.0.BETA-83 (Mac)
- 1Password is a Password Manager that uniquely brings you both Security and Convenience. It is the only program that provides Anti-Phishing protection and goes beyond password management by adding Web Form Filling and Automatic Strong Password Generation. All your confidential information, including passwords, identities, and credit cards, is kept in...
- Software downloads 2009-11-03
- Scams surfacing on Twitter, Facebook
- Twitter users warned about direct messages that said: "I make money online with google. i learned how here [link]." Facebook users were getting a bogus link from a friend. Twitter and Facebook users were getting hit with scams on Monday. Twitter users warned about direct messages...
- News items 2009-11-02
- ZoneAlarm Internet Security Suite 2010 9.1.008 (Windows)
- ZoneAlarm Internet Security Suite is an essential antivirus, anti-spyware, and firewall protection for your PC. The OSFirewall monitors changes within your computer to spot and stop new attacks that bypass traditional anti-virus protection. The Advanced Download Protection analyzes browser downloads in three unique ways before they can infect your PC...
- Software downloads 2009-11-02
- AntispamSniper for Outlook Express 3.2.2.1 (Windows)
- AntispamSniper for Outlook Express provides a professional antispam and anti-phishing protection for your mailbox. The unique combination of several methods for automatic email classification shows excellent filtering quality for all kinds of spam, including graphical spam with random text. The plug-in has a built-in option which allows spam deletion from...
- Software downloads 2009-11-01
- Phishing experiment sneaks through all anti-spam filters
- Not mine.My e-mail address is not known to spammers and I haven't received spam ever since my Hosted Exchange provider uses a Barracuda Spam Filter.Sorry, you can't take advantage of my trust unless I know you for years -- even decades. :)And by the way, please mind your feelings as...
- Discussion threads 2009-10-29
- Phishing experiment sneaks through all anti-spam filters
- A recently conducted ethical phishing New study details the dynamics of successful phishing experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against. The experiment emphasizes on how small-scale spear phishing campaigns...
- Blog posts 2009-10-29
- Facebook users targeted by Zeus banking Trojan
- Is it safe to assumethat this threat can happen on any OS/Browser desktop or mobile?Yes but...various Stallman cultist and Job cultist will try to argue that either Linux or MacOSX are immune to this because of a so called superior BSD security model or something along this line.Windows only?The Trojan...
- Discussion threads 2009-10-29
- Facebook users targeted by Zeus banking Trojan
- Users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data. Here's how... On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network...
- News items 2009-10-29
- WOT for Firefox 20091028 (Windows)
- Keep yourself safe from spyware, adware, spam, viruses, browser exploits, unreliable online shops, phishing, and other Internet scams. With the free WOT browser add-on, you can easily see the reliability of companies and websites. WOT will warn you and save your computer before you interact with a harmful site. WOT,...
- Software downloads 2009-10-29
- Netgate Internet Security 3.0.205 (Windows)
- Netgate Internet Security, a bundle comprising of FortKnox Personal Firewall and Spy Emergency, is a complete security protection solution against all of the most serious Internet threats, including spyware, viruses, adware, trojans, worms, rootkits, phishing, spam and hackers consisting of anti-spyware, anti-virus, anti-spam, anti-rootkit, anti-phishing and firewall technologies. With built-in...
- Software downloads 2009-10-27
- AVG Anti-Virus 9.0.700 (Windows)
- AVG Anti-Virus 9.0 is faster, safer and easier to use. The combined anti-virus/anti-spyware scanner in AVG Anti-Virus 9.0 runs up to 50% faster than earlier versions. It is rock solid protection that doesn't get in your way. AVG Anti-Virus 9.0 also delivers new anti-phishing detection techniques, which can quickly and...
- Software downloads 2009-10-27
- Privatefirewall 7.0.20.31 (Windows)
- Privatefirewall is a Personal Firewall and Host Intrusion Prevention application designed to help individuals and businesses protect Windows desktops and servers from malware and unauthorized use. Privatefirewall addresses the operating system and application level vulnerabilities and intrusion techniques that hackers exploit to gain access and cause damage to private systems...
- Software downloads 2009-10-23
- AVG Anti-Virus Free Edition 9.0.698 (Windows)
- AVG Anti-Virus Free Edition is an anti-virus protection tool available free of charge to home users. Rapid virus database updates are available for the lifetime of the product, thereby providing the high level of detection capability. The new 9.0 edition is faster, safer and easier to use. AVG Anti-Virus Free...
- Software downloads 2009-10-22
- Rapport 3.5.0909.12 (Windows)
- Rapport detects and prevents Man-in-the-Browser, Man-in-the-middle, phishing, and other attacks launched directly against the user. The Rapport service includes a lightweight browser security plug-in, as well as cloud-based analysis and reporting services. The browser plug-in works with all major browsers, including Internet Explorer, Firefox, Safari, and Chrome. When users browse...
- Software downloads 2009-10-22
- MailWasher Pro (German) 6.53 (Windows)
- MailWasher Pro allows you to preview multiple e-mail accounts and all aspects of your e-mail on the server before you download it to your computer, thus protecting you from spam, viruses, phishing attacks, and other nuisances. The program also learns what kind of e-mail you want to receive and adapts...
- Software downloads 2009-10-22
- Firefox's crossroads: Cutting-edge or mainstream?
- Chrome burst onto the scene?More like tiptoed in and took a seat in the corner. The only thing Chrome brings to the table is a little bit more speed. They have to do better than that! Just a little bit more speed, eh?When Chrome launched no other browser...
- Discussion threads 2009-10-21
- PC Tools Internet Security 2010 7.0.0.508 (Windows)
- PC Tools Internet Security delivers powerful protection against online threats, incorporating antispyware, antivirus, antispam and firewall components into a flexible and intuitive security solution. State Awareness Modes intuitively detect how you are using your PC and adjust to minimize performance impact and reduce interruptions. Integrates ThreatFire Behavioral Intelligence to block...
- Software downloads 2009-10-21
- Microsoft: Human error caused critical SMB2 vulnerability
- did not explain why the fix was not back-ported to Windows Vista and other That very bad. I was wondering this myself when news broke that Win 7 was not vulnerable.What were they thinking? Fixing a bug and "forgetting" that other versions may actually be vulnerable?Or had they actually recorded...
- Discussion threads 2009-10-19
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Can your business work smarter? Learn more about Lotus Symphony
- Learn how to work smarter and optimize cost using the IBM Smart SOA approach Download the eBook
- Smarter ways to make smarter products Read the brief from IBM
