How Hackers Steal Personal Information - Phishing Examples
written by: Sheila Robinson•edited by: Aaron R.•updated: 6/13/2010
Phishing is an increasing problem. Hackers have been able to steal personal information through emails, websites, PC utility programs and even over the phone. Described below are some phishing examples that have been used to rip off unsuspecting victims.
Social Network Website Phishing
One of the more recent phishing examples is hackers taking advantage of social network websites to steal personal information. Twitter account users have received tweets that contained a link with phrases like “LOL is this you” or “This you??” When the Twitter user clicked on the link, they were taken to a fake Twitter login page. Once their user ID and password were entered, the “fail whale” error screen was displayed and the user was taken back to their account page. During this fake error, their account information was compromised.
Facebook users have been targeted with fake emails that claim that the password to their account has been reset. An attachment is conveniently given to provide the user with their updated information. When opened, a password-stealing malware program is activated. All passwords used on the user’s PC are then taken.
Search Engine Phishing
In search engine phishing, fake websites are created. Web surfers find the sites through their own search engine research. The person sees a list of links and is drawn in by a tantalizing offer from one of these websites. When the unsuspecting person signs up with the bogus site, personal information is stolen while the account is created.
Keylogging or Screenlogging Phishing
Another phishing example is the use of keylogging or screenlogging malware to steal personal information. This type of attack commonly occurs after downloading certain free utility programs (also called helper objects). Once installed on a victim’s PC, the malware can track the user’s keyboard input and the information obtained through web surfing every time a browser window is opened.
Voice Phishing (Vishing)
Vishing is a form of identity theft that tricks you into revealing some personal information over the phone. In this phishing example, unsuspecting victims are contacted by email with a request to call a specific number to verify their account information or risk having it closed. When the person makes the call, information is stolen after the user gives it away.
Deceptive phishing uses email messages that attempt to verify personal information. They are presented to look like they are from legitimate companies that a person may have an account with. To draw the person in, the messages can claim unauthorized activity, additional charges or new services that need attention. A fake website link is then included for the person to “conveniently” log in to their account. Once a person clicks the link and enters their username and password, the information is stolen by the hacker.
Phishing does not always target random groups of people. Spear phishing is a technique that goes after a specific person. A customized email is created to appear as a message from an employee or friend that the person communicates with on a regular basis. Like deceptive phishing, the email will have a link or ask the person to open an attachment. Once the user does this, keylogging malware is installed on their PC, where it can monitor their activities.
Other Phishing Examples
Malware Based Phishing
These are phishing scams that involve using malicious software on a user’s PC. The malware can affect a computer's functionality and performance. This type of malware is typically included with downloadable files from the web, email attachments or by exploitation of PC security vulnerabilities.
A user’s web activities are monitored while they sign into a particular online account. Malicious software takes over and can then transfer funds or information without the user’s knowledge.
In this method of phishing, legitimate content of a website is replaced with false content designed to mislead users into giving up confidential information.