Recognizing Cybercrime: Phishing by Email and Facebook

written by: Sylvia Cochran • edited by: Lamar Stonecypher • updated: 4/26/2010

When it comes to cybercrime, phishing is one of the most widely used methods for defrauding Internet users. The tactics and delivery of the scams vary, but the goal of this online fraud is usually the same: to discover private information about a consumer that can be used for gain.

    Cybercrime: What is Phishing?

    The FBI’s definition of cybercrime includes fraud, malware, offenses against children, and intellectual theft. Part and parcel of the fraud category is phishing. As a cybercrime, phishing involves the attempt to defraud an online user by posing as a trusted entity or by blatantly lying about a situation, which may compel the user to send money or goods.

    What makes this kind of online crime so successful is the wide array of guises it takes on; there is not one clear-cut appearance of the illegal activity that a consumer could learn to avoid. Not surprisingly, cybercrime prevention specialists understand that the best offense is an education in the various looks and modus operandi of phishing operations.

    How is a Phishing Scam Delivered?

    The simplest phishing emails involve the use of an unsolicited communication (or spam) that offers free goods and services in return for a signup. When the consumer enters the requested information, it is harvested and sold to mailing list companies. Even though spam is illegal, enforcement is spotty and even the best email spam filters cannot remove all of these emails.

    A twist on this kind of email is the one that is usually received by Hotmail account holders, which purports to be from Microsoft or Hotmail itself. It threatens account closure unless the email account holder verifies his account with the login information and birth date. Needless to say, the phishing scam operators are looking to ferret out login information for spamming purposes and personally identifiable data for other uses.

    Another email phishing scam involves the forging of a financial institution’s logo and email communications. Usually this is done with a popular bank’s name so as to appeal to a larger portion of the email recipients. The email generally alerts the recipients to alleged problems with their accounts and urges them to log in and reset their passwords.

    Such emails offer convenient links that lead to a third party website, where the username and password are captured. Thus equipped, the cyber criminals now access the bank account holder’s real account and transfer money or simply withdraw it.

    Cybercrime: Phishing on Facebook

    Emails are not the only delivery mechanism for phishing scams. In fact, the surging popularity of Facebook and other social networking sites now makes them premier targets of phishing operations. Facebook phishing scams include data mining attempts, which seek to harvest information that users readily supply, including birth dates, email addresses, personal addresses and maiden names.

    Anonymous postings that frequently go viral try to start movements that encourage Facebook users to post their year of birth or mother’s maiden name as their status updates. Promised a part in a big movement, Facebook users are routinely swept up in the excitement. This information can be used to open up, or hack into, users’ accounts, since this data is routinely used as a secret question or password hint.