Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their bank or retail establishment. E-mails can be sent to people on selected lists or any list, expecting some percentage of recipients will actually have an account with the organization.
E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.
Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target Web site and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing, smishing and twishing.
The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.
Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target Web site and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing, smishing and twishing.
The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- AntispamSniper For Outlook 3.2.2.1 (Windows)
- AntispamSniper for Outlook provides a professional antispam and anti-phishing protection for your mailbox. The plug-in filters POP3, IMAP, and Exchange accounts. The unique combination of several methods for automatic e-mail classification shows excellent filtering quality for all kinds of spam, including graphical spam with random text. The plug-in has a...
- Software downloads 2009-11-20
- 1Password 3.0 (Mac)
- 1Password is a Password Manager that uniquely brings you both Security and Convenience. It is the only program that provides Anti-Phishing protection and goes beyond password management by adding Web Form Filling and Automatic Strong Password Generation. All your confidential information, including passwords, identities, and credit cards, is kept in...
- Software downloads 2009-11-19
- Online Armor 4.0.0.10 (Windows)
- Online Armor Premium Firewall safeguards your funds, identity and data on your PC weather you're browsing, transacting or receiving email. Online Armor Premium comes with "Banking Mode" that secures your internet banking session therefore protecting you from keyloggers and Phishing techniques that might want to either record your login details...
- Software downloads 2009-11-14
- Scammers trick users to ship stolen goods
- RSA FraudAction Research Lab has uncovered the workings behind a recent re-shipping scam in which U.S. residents were used as mules to send goods purchased with stolen credit card numbers overseas. RSA FraudAction Research Lab has uncovered the workings behind a recent re-shipping scam in which U.S. residents were...
- News items 2009-11-12
- AVG Anti-Virus 9.0.704 (Windows)
- AVG Anti-Virus 9.0 is faster, safer and easier to use. The combined anti-virus/anti-spyware scanner in AVG Anti-Virus 9.0 runs up to 50% faster than earlier versions. It is rock solid protection that doesn't get in your way. AVG Anti-Virus 9.0 also delivers new anti-phishing detection techniques, which can quickly and...
- Software downloads 2009-11-11
- AVG Anti-Virus Free Edition 9.0.704 (Windows)
- AVG Anti-Virus Free Edition is an anti-virus protection tool available free of charge to home users. Rapid virus database updates are available for the lifetime of the product, thereby providing the high level of detection capability. The new 9.0 edition is faster, safer and easier to use. AVG Anti-Virus Free...
- Software downloads 2009-11-11
- ZoneAlarm Extreme Security 2010 9.1.008 (Windows)
- ZoneAlarm Extreme Security is a comprehensive suite protecting your PC, your browser, and your data. The OSFirewall monitors changes within your computer to spot and stop new attacks that bypass traditional anti-virus protection. The Advanced Download Protection analyzes browser downloads in three unique ways before they can infect your PC...
- Software downloads 2009-11-10
- Counting vulnerabilities is pointless
- Suddenly it doesn't matter any more? Vulnerability count is an indication of software qualityIt goes directly to the process the vendor went through to root out vulnerabilities before shipping. At least if you compare products with the same general purpose and which receives the same amount of scrutiny.Time to fix...
- Discussion threads 2009-11-09
- IEWall 2.0 build 1012 (Windows)
- IEWall software is an award-winning, browser security utilities that gives safety advice about website BEFORE you click on a risky site, Support all web browser include IE6/7/8 Firefox Opera Chrome Safari. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. IEWall can...
- Software downloads 2009-11-09
- House bill calls for ISPs to block some fake financial sites
- Good grief!Now the BIG LETHARGIC Gov is going to tell people what sites they can go to and tell ISP's to block them???GOOD GRIEF! It is out of control, 2010 is coming and these socialist will be sent back home... AHHHH the sound of 1984 is very much alive..and well...
- Discussion threads 2009-11-05
- America Online (AOL) 9.5 (Windows)
- Popular Internet service that allows you to send email, chat, and view your own personal profile. AOL email makes it easy to stay in touch with friends, family and business associates. You get unlimited storage, and it's a snap to add personality to emails with customized fonts, colors, stationery and...
- Software downloads 2009-11-04
- iHacked: jailbroken iPhones compromised, $5 ransom demanded
- Yesterday, a "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your phone right now!" message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from...
- Blog posts 2009-11-03
- Scams surfacing on Twitter, Facebook
- Twitter users warned about direct messages that said: "I make money online with google. i learned how here [link]." Facebook users were getting a bogus link from a friend. Twitter and Facebook users were getting hit with scams on Monday. Twitter users warned about direct messages...
- News items 2009-11-02
- ZoneAlarm Internet Security Suite 2010 9.1.008 (Windows)
- ZoneAlarm Internet Security Suite is an essential antivirus, anti-spyware, and firewall protection for your PC. The OSFirewall monitors changes within your computer to spot and stop new attacks that bypass traditional anti-virus protection. The Advanced Download Protection analyzes browser downloads in three unique ways before they can infect your PC...
- Software downloads 2009-11-02
- AntispamSniper for Outlook Express 3.2.2.1 (Windows)
- AntispamSniper for Outlook Express provides a professional antispam and anti-phishing protection for your mailbox. The unique combination of several methods for automatic email classification shows excellent filtering quality for all kinds of spam, including graphical spam with random text. The plug-in has a built-in option which allows spam deletion from...
- Software downloads 2009-11-01
- Phishing experiment sneaks through all anti-spam filters
- Not mine.My e-mail address is not known to spammers and I haven't received spam ever since my Hosted Exchange provider uses a Barracuda Spam Filter.Sorry, you can't take advantage of my trust unless I know you for years -- even decades. :)And by the way, please mind your feelings as...
- Discussion threads 2009-10-29
- Phishing experiment sneaks through all anti-spam filters
- A recently conducted ethical phishing New study details the dynamics of successful phishing experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against. The experiment emphasizes on how small-scale spear phishing campaigns...
- Blog posts 2009-10-29
- Facebook users targeted by Zeus banking Trojan
- Is it safe to assumethat this threat can happen on any OS/Browser desktop or mobile?Yes but...various Stallman cultist and Job cultist will try to argue that either Linux or MacOSX are immune to this because of a so called superior BSD security model or something along this line.Windows only?The Trojan...
- Discussion threads 2009-10-29
- Facebook users targeted by Zeus banking Trojan
- Users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data. Here's how... On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network...
- News items 2009-10-29
- WOT for Firefox 20091028 (Windows)
- Keep yourself safe from spyware, adware, spam, viruses, browser exploits, unreliable online shops, phishing, and other Internet scams. With the free WOT browser add-on, you can easily see the reliability of companies and websites. WOT will warn you and save your computer before you interact with a harmful site. WOT,...
- Software downloads 2009-10-29
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Can your business work smarter? Learn more about Lotus Symphony
- Learn how to work smarter and optimize cost using the IBM Smart SOA approach Download the eBook
- Smarter ways to make smarter products Read the brief from IBM
