- slide 1 of 5
Thankfully the basic question "What Type of Attack Involves Someone Requesting Your Login and Password?" is very easy to answer. Anyone attempting to steal your login or account information is carrying out a phishing attack. Phishing is a very widespread online scam is it is very likely that the average browser will encounter phishing scams. If you're curious about the origin for the term phishing, we have an entire article on the history of phishing and how it grew into the force it is today.
Phishing is almost always done as a way for scammers to get money. It can take a direct form, such as phishing for bank information or credit card numbers. Some phishing takes a bit more of an indirect form though, such as attempts to gain access to e-mail accounts and accounts on social networking sites, like Facebook. Once the phisher has access to the account, they could use your name and account to send spam messages or try to phish your friends' accounts using your name.
The actual phishing attack can take several different forms which we explain below.
- slide 2 of 5
Phishing - Spoof Websites and Emails
Spoof websites and spoof e-mails are a popular phishing method because they are able to target large numbers of people with minimal effort. The effort is usually lazy and easily spotted, but they can get plenty of money from the small percentage that falls for their scam.
I would actually be quite surprised if you never ran into a spoof e-mail. Spoof e-mails are just fake e-mails that pretend to be from a trusted website. Paypal phishing is one of the main forms and it serves as a good example. A phishing e-mail trying to get the login and password for a paypal account might tell you that your account is locked or being charged a large sum of money. The email will look fairly convincing with the right logos and possible even have correct grammar and spelling. The link at the bottom that supposedly points to paypal.com will actually point to a fake website with a login page. Any information entered on this page will be captured by the phishing scam operators and used to empty your accounts and possibly steal your identity.
As a general rule of thumb, never use the links in an suspicious e-mail. Always enter the address in yourself or at least hover your mouse over the link to see where it really goes. And remember that a legitimate situation like this is essentially unheard of so if you aren't sure about the email it is best to confirm with the sender by calling the offices of the business supposedly contacting you.
- slide 3 of 5
Phishing - Social Engineering
Another way to get your login and password is through a social engineering twist to phishing. Social engineering is much more focused and direct. It involves a person directly trying to get your information through specialized scams. One potential example could be a type of eBay scam that usually targets high priced items.
In this case, the phishing scammer will talk to the victim for awhile and gain their confidence for the large sale. They then convince the victim that they should use an escrow service to make the transaction safe for both of them. The escrow website they suggest will be a fake service that they own. By creating an account on it, you'll hand over vital banking and personal information.
- slide 4 of 5
Phishing - Malware
I won't spend too much time covering malware, since it's technically an entirely different field. Malware can be used to gain account information and passwords though. The process itself is fairly simple. The malware will get onto your computer through an infected ad, corrupted website, e-mail attachment or malicious download. The malware can then search for records of saved passwords in your chosen Internet Browser. It is best dealt with using appropriate anti-virus software.
- slide 5 of 5
This is naturally just the tip of the iceberg for phishing. Phishing scams are a profitable and growing menace on the Internet and will probably continue to grow and evolve as more business move online.
Hopefully this article has managed to answer any questions you have about scams where someone requests your login and password. Knowing the basics of phishing scams will make you better equipped to avoid them in the future.
Image Credit: Wikipedia Commons - http://commons.wikimedia.org/wiki/File:Phishing.JPG