Phishing, also referred to as brand spoofing or
carding, is a variation on “fishing,” the idea being
that bait is thrown out with the hopes that while most
will ignore the bait, some will be tempted into biting.
Phishing is the act of sending an e-mail to a user
falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into
surrendering private information that will be used for
identity theft.
The e-mail directs the user to visit a Web site where
they are asked to update personal information, such as
passwords and credit card, social security, and bank
account numbers, that the legitimate organization
already has. The Web site, however, is bogus and set up
only to steal the user’s information. For example, 2003
saw the proliferation of a phishing scam in which users
received e-mails supposedly from eBay claiming that the
user’s account was about to be suspended unless he
clicked on the provided link and updated the credit card
information that the genuine eBay already had. Because
it is relatively simple to make a Web site look like a
legitimate organization's site by mimicking the HTML
code, the scam counted on people being tricked into
thinking they were actually being contacted by eBay and
were subsequently going to eBay’s site to update their
account information. By spamming large groups of people,
the “phisher” counted on the e-mail being read by a
percentage of people who actually had listed credit card
numbers with eBay legitimately.
Webopedia Trivia:
The word phishing comes from the analogy that Internet scammers
are using e-mail lures to fish for
passwords and financial data from the sea of
Internet users. The term was coined in 1996 by hackers
who were stealing AOL Internet accounts by scamming
passwords from unsuspecting AOL users. Since hackers
have a tendency to replace "f" with "ph", the term
phishing was derived.