Phishing
The internet, like many things in life, has its share of malicious concepts and scams. Some of them include Spam, Spyware, Viruses, and Phishing. The first time I heard about internet phishing I thought to myself - what a wonderful concept; a happy trip to a blue lagoon on my computer screen where I can sit back and enjoy the virtual view... Little did I know it was referring to a virtual hook, line, and sinker - and I was the fish.
Phishing is the act of sending or presenting a user with an authentic-looking link that appears to come from a legitimate organization, in the hope that the user will click it. Once you click the link, you are taken to a web site that looks genuine but is being used for the purpose of identity theft. This is where the term phishing comes from: criminals set out the bait and see who will bite.
Phishing is all about presenting the user with something that looks real in order to lure them into revealing sensitive information. We all have websites we visit frequently and are familiar with the way they look, whether it's online banking, eBay, or even your homepage. Scam artists take advantage of this with a scenario that goes like this: you get an email that looks like it's coming from your bank, asking you to verify your information or an account password. You click on the link in the email to perform this operation and log in as you normally would, only to get a message that the server is temporarily down. By this point, you have probably revealed your personal information and security passwords to someone who set up a fake website that looked like your banking page. That person can now transfer your funds out of your account and into theirs.
Another example of this scam in action would be an email that appears to come from eBay, requesting that you log into your account and update some information. This email will contain a link, and without thinking twice you may click it and go about the requested task without questioning it. Why not? Everything seemed real.
Can you spot where the security flaw is in the example above? If you haven't guessed it already, the problem lies in the fact that you click the link that came with the email. Yes - the link that you clicked appeared to take you to eBay's site, and even looked the same as it always does. It's not. You've just been pulled into a scam.
How can you stop phishing? You can't stop others from phishing, but you can keep yourself from getting caught. Faking an email is a little easier than faking letterhead, but the same kind of scam could be done through the mail system as well. You could receive a letter that asks you to call a special phone number and give your username, account number and password to the person on the other end. The number you call doesn't have to belong to the company you think you're calling, though the person who answers could certainly sound like it.
The key to not being a victim in pretty much any scam is awareness. Understand this: no legitimate website will ever ask you to "Verify your information" or "Update our records" through an email. Always treat everything you receive through email as suspect, no matter how legitimate it looks. We're quite serious about this. If you find yourself entering personal information into a form that you reached through an email, stop right away and go manually to the website you think you are entering the information into. Either type the address of the website into the address bar of your browser, open a favorite that you have set for that website, or call the company and ask whether they are requesting this information. You will quickly find that no legitimate website will ask you to update or verify sensitive data in this manner.
If you doubt that this could ever happen to you, check out this recently released article that shows how phishing is rapidly becoming the mainstream choice for identity theft:
http://www.thestandard.com/movabletype/datadigest/archives/000440.php


