Phishing

     

(FISHing)

Phishing is an attempt to use social engineering and/or technical subterfuge to steal either personal identity or financial account details from a consumer in order to use that information to steal the consumer's identity and/or money. These attacks are broad-based in nature. Sometimes the data is just collected to be sold to others for exploitation.

The word derives from a "fishing expedition," which generally means a method of obtaining information. The "Ph" is a common replacement for "F" by hackers. This is in homage to the original hacking form: phreaking, a term coined by John Draper (aka "Captain Crunch") who brought hacking to light with the Blue Box, a device he used to hack into the telephone system in the early 1970s. Use of the Blue Box was known as "Phone Phreaking."

Phishing, as a term, started around 1996 and was used to describe hackers who were scamming AOL account information from AOL users. The term appeared in January 1996 in the alt.2600 newsgroup but was probably used earlier elsewhere. By 1997 "phish" were traded as currency (e.g., trade X working AOL phish for Y hacking software code). The alt.2600 message was...

It used to be that you could make a fake account on AOL so long as you had a credit card generator. However, AOL became smart. Now they verify every card with a bank after it is typed in. Does anyone know of a way to get an account other than phishing? -- mk590, "AOL for free?," alt.2600, January 28, 1996

Since then, phishing has taken on a far broader application and targets include all users of online banking, credit card users, services like PayPal and eBay, and many other groups and organizations where having user information would be of use to hackers and, more seriously, criminals. Indeed, the term "crimeware" is now sometimes applied to more sophisticated phishing schemes which may include Trojans implanting keyboard loggers onto user systems. The APWG defines crimeware as technology different from adware, spyware and malware by the fact that it is, by design, "developed for the single purpose of animating a financial or business crime."

Phishing attacks have been combatted by shutting down the sites named in the phishing messages; a slow but effective process. Newer phishing attacks attempt to get around this by linking to a redirector IP address that sits in front of multiple phishing sites; when one site is shut down, the redirector activates another.

How to Avoid Phishing

While phishing schemes are becoming quite sophisticated there are some common-sense things you can do to avoid them. The best of these is to simply ignore any requests for personal information that come to you without your having directly caused the request.

  • Be very suspicious of any E-mail with requests for personal and/or financial information. Be particularly suspicious if the request is somehow marked as urgent. If you want to investigate further, look for these other points...
    • Is the mail digitally signed?
    • Does the mail imply something dire is about to happen?
    • Does the mail ask for information the company should already have or does not need to have?
    • Is the mail personalized specifically with the name you have on record with that company (most real mail will be)?
  • Watch out for clickable links in any E-mail message. A phishing message will have the text of what looks like a valid link but the link itself will go to a different location. If you wish to respond to the message look up the company's actual contact information and call them instead to see if they really sent the message.
    • In the same vein, never fill in any forms in an E-mail message.
  • Make certain you have initiated all communications that involve personal or sensitive information. Type in the Web address (URL) and make certain it is correct. Also, make certain that the connection is secure (e.g., starts with https:// instead of http://) and look for the "lock" icon in your browser that indicates a secure connection.
  • Log into all on-line accounts you have at least once a month and check the details in the account. Look for any changes that you have not personally made and treat these as suspicious activity. Contact the account holder with those suspicions.
  • Make certain all security patches for E-mail and Web browsing software are installed at all times.
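
The link check and the form check from the list above, as an added example that is not part of the original page: a Python routine that flags any anchor whose visible text names one host while its href goes to another, and any form embedded in the message. The class and function names are illustrative, and the sample body is constructed using reserved example domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re
# Visible text that itself looks like a web address (scheme optional).
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/:?#]|$)", re.I)

class LinkAudit(HTMLParser):
    """Collects findings for the link and form checks in the list above."""
    def __init__(self):
        super().__init__()
        self.findings = []      # (kind, detail) tuples
        self._href = None       # href of the <a> currently open, if any
        self._text = []         # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
        elif tag == "form":
            self.findings.append(("form-in-email", dict(attrs).get("action") or ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        shown = URLISH.match(text)  # only link text that looks like a URL is compared
        actual = (urlsplit(self._href).hostname or "").lower()
        if shown and actual and shown.group(1).lower() != actual:
            self.findings.append(("link-mismatch", f"shows {shown.group(1)} but goes to {actual}"))
        self._href = None

def audit_html(body):
    parser = LinkAudit()
    parser.feed(body)
    parser.close()
    return parser.findings

# Constructed sample message body; example.com / example.net are reserved names.
SAMPLE = """<p>Your account is suspended. Verify now:
<a href="http://login.example.net/verify">https://www.example.com/login</a></p>
<a href="https://www.example.com/help">www.example.com</a>
<form action="http://login.example.net/collect"><input name="pin"></form>"""

if __name__ == "__main__":
    for kind, detail in audit_html(SAMPLE):
        print(kind, "-", detail)
```

Hosts are compared exactly, so link text of example.com with an href to www.example.com is also flagged; links whose text is plain wording such as "Click here" are not compared at all.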

Just say NO to phishing...

Last Changed: Saturday, March 11, 2006