Phishing

=Phishing=

Phishing is a relatively new term which is used to describe fraudulent websites that masquerade as other, genuine ones. The creators of these sites use them to get sensitive information from users, such as passwords and credit card numbers. Phishing is essentially a form of online identity theft.

=Common Phishing Techniques=

The most common technique for phishing is to use misspelled domain names. For example, consider http://www.youronlinebank.canada.ca. At first glance, users might assume that they are being directed to their online banking website; however, they are sadly mistaken.

In general, the URLs of phishing sites are very close to those they mimic; common misspellings are often used in the hope that users will go to the wrong site without noticing.
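One way to check a link for the two tricks described above (a trusted name buried in a subdomain, and a near-misspelling of a trusted domain), as an added example that is not part of the original page. The allowlist (including youronlinebank.ca as the bank's real domain), the function names and the two-label shortcut for finding the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist (constructed for this example): the registrable
# domains the user really does business with.
TRUSTED = {"youronlinebank.ca", "paypal.com", "ebay.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable_domain(host):
    # Simplification: keep the last two labels. Real code should consult
    # the Public Suffix List so that suffixes like "co.uk" are handled.
    return ".".join(host.split(".")[-2:])

def classify(url):
    """Return 'trusted', 'brand-in-subdomain', 'lookalike' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED:
        return "trusted"
    # A trusted name to the left of the registrable domain proves nothing:
    # whoever controls the registrable domain controls every subdomain.
    brands = {d.split(".")[0] for d in TRUSTED}
    sub_labels = host.split(".")[:-2]
    if any(b in label for label in sub_labels for b in brands):
        return "brand-in-subdomain"
    # One or two character edits away from a trusted domain: likely typo bait.
    if any(0 < edit_distance(reg, d) <= 2 for d in TRUSTED):
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("http://www.youronlinebank.canada.ca",   # URL from the text
              "https://www.youronlinebank.ca/login",   # constructed
              "http://www.paypa1.com/"):               # constructed
        print(u, "->", classify(u))
```

The URL from the text is flagged because its registrable domain is canada.ca; the bank's name appears only as a subdomain label.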

In an e-mail-based phishing attack, an e-mail is sent to an unsuspecting user, usually disguised as coming from a payment service (e.g. PayPal) or an online bank. Users are then lured to an authentic-looking website where they are prompted to enter their private information.

Another sophisticated phishing technique is to use JavaScript and Photoshopped images. The JavaScript can put images on the screen which cover the actual address bar, so that it seems you are at the authentic website, while the real identity is hidden.

=Effects of Phishing=

The effects of phishing range from mild to wild. A person who has been a victim of phishing might only lose access to their Hotmail account whereas another person might be conned out of a substantial amount of money.

“It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately $929 million USD (Wikipedia).”

=Phishing Prevention=

With phishing on the rise, there has been a response to combat the theft of personal information. This includes the formation of various organizations such as the Anti-Phishing Working Group (APWG), which are “committed to wiping out Internet scams and frauds.”

In order to protect yourself, you can keep a few cautionary things in mind.


 * 1) Be wary of websites that look “phishy”.
 * 2) Don’t be so quick to divulge sensitive information such as social insurance numbers or credit card numbers.
 * 3) Respected websites such as PayPal and eBay usually address their customers by their user name, rather than with generic greetings such as “//Dear Valued eBay Member//”.

References:

"Cute graphics add credibility to fake websites." __NewScientist.com__. 18 Feb. 2006. 21 Feb. 2006 .

__Anti-Phishing Working Group__. 21 Feb. 2006 .

__Wikipedia__. 21 Feb. 2006 .