CareOfWindowsXP - Your Computer under Your Control

Phishing

"Phishing" is the name given to a different type of scam. Phishing is where someone contacts you posing as working for a trusted institution such as your bank and asking for some specific information, perhaps your bank account number, credit card number etc.

Here is an example - quite a disturbing one - which shows just how good some of these phishing attempts are:

Image of phishing email posing as ebaY

Notice the entire thing looks genuine. The email had the subject "Verify your details with eBay", the sender was "mailto:eBay%20Inc%20[custservice_ref_132817697@ebay.com]" - again something which looks real. However ebaY don't send emails like this - particularly as the whole body of the email was a graphic which when clicked took you to a page not on ebaY's site. Incidentally the URL visible in the text above is real and genuine, but cannot be clicked or copied as it is simply part of a graphic. (Try it - you're quite safe with the copy above.) However a click on any part of the original graphic takes you to a website which exists only to mislead and steal important data from you.

Tip - in the original email my cursor changed to the hand icon - or whatever you get when you hover your mouse over one of the links on this site - no matter where I pointed in the body of the email - that's a clue something is not as it appears.

Here's another example someone just passed to me:



Subject: Attention! Several VISA Credit Card bases have been LOST!
Date: Thu, 23 Feb 2006 18:25:56 -0500
From: VISA Card Support <VisaService@visa.com>
To: <name removed for privacy>


Good afternoon, unfortunately some processings have been cracked by hackers, so a new secure code to protect your data has been introduced by Visa. You should check your card balance and in case of suspicious transactions immediately contact your card issuing bank. If you don't see any suspicious transactions, it doesn't mean that the card is not lost and cannot be used. Probably, your card issuers have not updated information yet. That is why we strongly recommend you to visit our website and update your profile, otherwise we cannot guarantee stolen money repayment. Thank you for your attention. Click here and update your profile.


Clicking the "here" bit above would attempt to take you to a website: www.visaeur.com/lostvisa/ - which looks very similar to a Visa Europe site at a quick glance. I wasn't able to view the site by the time I had the message, but I expect it would look very real and require you to enter card details. If you get things like this, go directly to what you know is the real card site, not one you have reached by clicking a link in some email.
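Both emails above share the same tell: the links lead somewhere other than the organisation named in the From line, and in the eBay case the whole body is one clickable picture. The following is an added example, not part of the original page, that checks a message for those two clues; the names `LinkScan` and `phishing_clues` and the sample messages are made up for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkScan(HTMLParser):
    """Record where links really go, images inside links, and unlinked text."""
    def __init__(self):
        super().__init__()
        self.in_link = 0        # >0 while inside <a href=...>
        self.hosts = []         # hostnames the links actually point to
        self.linked_images = 0  # <img> elements wrapped in a link
        self.free_text = ""     # visible text that is not part of any link
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.in_link += 1
            self.hosts.append((urlsplit(href).hostname or "").lower())
        elif tag == "img" and self.in_link:
            self.linked_images += 1
    def handle_endtag(self, tag):
        if tag == "a" and self.in_link:
            self.in_link -= 1
    def handle_data(self, data):
        if not self.in_link:
            self.free_text += data.strip()

def phishing_clues(from_header, html_body):
    """Return warnings for one message: off-site links, all-image body."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    scan = LinkScan()
    scan.feed(html_body)
    clues = [f"link goes to {h}, not {domain}" for h in scan.hosts
             if h and h != domain and not h.endswith("." + domain)]
    if scan.linked_images and not scan.free_text:
        clues.append("whole body is a clickable image")
    return clues

# Constructed samples modelled on the two emails described on this page.
# "phish.example" is a placeholder; the page does not give the real target.
EBAY_LIKE = ('eBay Inc <custservice_ref_132817697@ebay.com>',
             '<a href="http://phish.example/verify"><img src="body.gif"></a>')
VISA_LIKE = ('VISA Card Support <VisaService@visa.com>',
             'Good afternoon ... <a href="http://www.visaeur.com/lostvisa/">'
             'Click here</a> and update your profile.')

if __name__ == "__main__":
    for sender, body in (EBAY_LIKE, VISA_LIKE):
        print(sender, "->", phishing_clues(sender, body))
```

The From line can itself be forged, so a clean result proves nothing; the check only catches the mismatch between the claimed sender and the real link target. Genuine newsletters that link through a separate tracking domain will also be flagged.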

While we're on this, and just to be clear, you should never send account details via email, even if it looks like your bank or another financial institution is asking. When you get emails which ask you to reply with this sort of detail, just ask yourself "Why would they want to know that?" and keep your details confidential. If you're convinced it is the bank then try phoning them rather than replying to the email.

The same advice applies to phone calls by the way; if someone calls claiming to be from your bank and asking you to confirm who you are by the security questions, don't answer the questions. Instead try asking them why you should trust them, can they prove who you are. Normally you phone your bank and so you know that whoever answers should work for the bank, but when someone calls you, you don't have that same comfort factor. (Obviously if you're expecting a call back from the bank this will make a difference.)

Here's a definition I found on Webopedia:

(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information. For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization’s site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

Other forms: phish (v.)

Also see the All About Phishing page in the "Did You Know?" section of Webopedia for more information, including examples, of phishing.

 

There are a number of other websites where you can learn more about Phishing if you'd like. One of them is the Anti-Phishing Working Group's website:

Here is the definition of Phishing from their home page: http://www.antiphishing.org/index.html

Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware.

©2006 Paul Quirk & Mark Quirk