Phishing
Essay by 24 • November 25, 2010 • 1,980 Words (8 Pages) • 1,631 Views
The Oxford pocket dictionary defines phishing as the activity of defrauding an online account holder of financial information by posing as a legitimate company. This is what phishing is known for in today’s internet-driven world, but it was not always the case. Phishing actually predates computers. Some people did it over the phone for years and they called it social engineering.
So why would someone think of phishing someone? There is a simple reason: to exploit people. These people are commonly known as scam artists. What these phishers normally do is send out millions of scam emails posing as something or someone they are not. Normally they hope that a few of the people who receive the email will respond by clicking through to the fake website and providing financial and/or personal information. Anyone who has an email address is at risk of being phished. People increase their risk of being targeted if their email address is posted on a forum or website. Phishers can also gather many more email addresses by using a spider. A spider is a program that searches through many websites and saves every email address it can find. So, in a nutshell, phishing is very profitable for criminals because they can obtain millions of email addresses and potentially set them up for an attack at relatively no cost to themselves (Beal, 2006).
There are some key elements that help one recognize a phishing attempt. The scam often has three key elements. First, when checking your email, look to see who the email was sent from. It will often appear to be from a legitimate company’s address. If the email address looks suspicious then be wary, but this is an easy obstacle for phishers to climb over: it is very quick and easy to change the “From” field in most email clients to trick the person receiving the email. Second, the email will almost always contain images or logos that have been copied from the real company’s website. Third, upon opening the email, you will find a link along with text saying you should click it to make sure your personal information is correct. When trying to determine whether you are being phished, there are many little things you might want to notice. These include spelling errors, unknown email addresses in the text, and email headers that often have absolutely nothing to do with the company the email claims to come from (Beal, 2006).
Being aware of phishing is an important concept people should try to understand. First of all, you do not need to click the text or URL that is given in the email. If you see a suspicious email, you should delete it promptly. After deleting the email from your inbox, you should empty your trash folder as well. Often you can block the email addresses that are sending you these risky emails. Even if the message looks very legitimate, you still need to remember never to click the link or URL in the email. To make sure you are going to the website you intended, you should open your web browser and type in the website address manually. Then proceed to enter your personal information on the legitimate website (Beal, 2006).
It is very important to know what to do if you do find a suspicious email that is trying to phish you. First, you should notify the company that suspicious emails are being sent in its name. Companies will often want to know if anyone is using this “phishing” technique with their company’s name. Also, if you find a phishing email you should report it to the Federal Trade Commission. Many local police and investigators also deal with internet phishing (Beal, 2006).
Now that phishing is becoming more common, criminals and scam artists are finding newer ways of targeting innocent people. A new but increasingly common way of targeting people is the use of phishing and malware combined. Malware gives someone control of the computer being targeted. Social engineering is often a very big part of malware. So how does someone get control using malware? People can get control by sending harmful attachments through emails. In the end, the user of the computer will execute a harmful file or piece of software, and from there many different things can be downloaded. Even something as simple as accepting a license agreement can easily download and install malware. There is, however, a very slow and sometimes painstaking process of sorting through the megabytes of data that have been collected by this form of obtaining information. Combining malware with phishing creates many vulnerabilities. These can turn into things such as worms, viruses, and the theft of personal information. People often do not realize the effect of malware and phishing and what it can turn into. People would rather not clean up their computer because it could be expensive and require effort, so instead they just leave their computer with spyware, malware, and phishing attacks. However, in the long run, this can often lead to a very serious threat of losing larger sums of money (Beal, 2006).
The New York Times had a very good article on phishing in March of 2004. Phishing was a problem then but has dramatically increased in prevalence and is one of the most common types of internet fraud. Apparently a large percentage of the many phishing attempts are email messages originating from computers in Russia, Asia and other Eastern European countries. These emails are becoming more and more advanced and more like real company emails (Hansell, 2004). 282 separate cases of phishing emails were reported to the Anti-Phishing Working Group. Some of the most common phishing scams are those dealing with PayPal and eBay (Hansell, 2004).
Phishing is quite simple and newer technology is only making it easier. Take this story in the New York Times for example:
Alec Scott Papierniak, 10, a college student in Mankato, Minn., pleaded guilty to wire fraud. He had sent people e-mail messages with a small program attached that purported to be a “security update” from PayPal. The program monitored the user’s activity and reported their PayPal user names and passwords back to Mr. Papierniak. Prosecutors say that at least 150 people installed the software, enabling Mr. Papierniak to steal $35,000 (Hansell, 2004).
One man in Romania was convicted of stealing nearly half a million dollars and is now serving 30 months in a Romanian prison (Hansell, 2004).
There are many examples and testimonials all
...
...