"PHISHING" - Not Your Typical Pastime Activity
Phishing is becoming commonplace in the fraud world today. For those of you who haven't heard the term before (it has absolutely nothing to do with fish), phishing is an attempt to defraud people into surrendering private information that will be used for identity theft or other fraud.
How does it work?
The "phisher" falsely claims to be an established legitimate enterprise and uses email to direct the user to visit a website where they are asked to update personal information such as passwords and credit card, social security, and bank account numbers, all of which the real legitimate organization already has. The websites that are used are bogus and set up only to steal the user's information.
Why does it work?
This scam uses social engineering - a non-technical intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It seems to be working well, as the response rate is estimated at between 5% and 20%.
Some of the more popular phishing methods are as follows:
- Use of the legitimate company's domain name in the "from" portion of the "BAIT" email: @ebay.com, @paypal.com, @citibank.com
- Creating a plausible and persuasive premise: account alert, update your information, denial of service attack/lost data, mandatory password change, etc.
- Link to websites for gathering information
- Faking a secure connection: https:// (secure connection); http:// (non-secure)
Some advice to avoid becoming the next victim: If you're not a customer of a company that appears to be sending you an email, ignore it. Even if you are a customer, never respond directly to the email with personal or financial information. NEVER enter a website from an email link. Check your statements - if you notice anything irregular on your bank account, contact your bank immediately.
Awareness is the key. The more you know and share with others, the less chance you have of being caught "hook, line, and sinker."