Our brief guide to Phishing
by Mat Bright
Remember the Phone Phreaks?
It was a term used to describe those that hacked the telephone system back in the 1970s and the same symbolic replacement of the 'f' has passed on to email fraudsters who 'fish' for web users' identity details.
Phishing is a term used to describe the action of assuming the identity of a legitimate organisation, or web site, using forged email and/or web pages and with a view to convince consumers to share their user names, passwords and personal financial information for the purpose of using it to commit fraud. This is also and often refered to as Identity Theft.
Phishing is a relatively new expression, having been found to have been used in a newsgroup as early as 1996 and in the media in 1997. Since then a plethora of phishing scams have crossed our desks here at MillerSmiles.co.uk and our Library of Scams has many examples with images of both the forged emails and web pages.
Many of the major web sites have been the subject of these phishing scams...
Some of these sites refer to these forgeries as spoof email, which is perhaps a more 'consumer friendly' term. These spoof emails are distributed just like spam and to anyone whose email address is on the scammers' lists, whether they are a user of that particular site or not. Sites hit by these scams have included...
The vast majority of phishing scams consist of...
...a forged email which links to a forged web page or site. The email text urges you to complete an essential procedure by using a link which opens a forged web page. That essential procedure has included account verification, invalid credit/debit card details, attempted hacking of your accont, prize draws and account suspension, to name but a few. In many cases, the email has included a worm virus which creates a browser type form rather than opening a web page (such as the Mimail worm).
For many months, this was made easier for the perpetrators when a bug was found in Internet Explorer browsers which allowed a fake URL to be shown in the browser's address bar while a forged page was being viewed. Scammers had rich pickings until Microsoft issued a patch in February 2003.
The forged web pages usually contain a form to provide the information that the scammers want to use to commit fraud. This usually includes use of the victims' credit/debit card to open online accounts and hijacking of online accounts to steal money. For instance, eBay users have had their accounts hijacked in this manner while the scammers use the accounts to list high value items, receive payments from hopeful buyers but never send the goods. Other victims have had their credit rating and financial livelihood destroyed when their identity has been used to raise finance, while others have seen their credit or debit cards used by others to buy goods online.
Avoid becoming a victim of a Phishing Scam by following these simple rules ...
Be good, be careful and be aware.
More on Phishing ...
© Copyright 2003-2005
Oxford Information Services Ltd All Rights Reserved
All other logos and trademarks in this site are property of their respective owners