What is Phishing?
In the context of computer security and data safety, phishing refers to the illegal activity of tricking a computer user into divulging personal information. A cursory glance into an email account’s spam filter shows what a phishing scam looks like. There the observer is sure to notice email scams that promise lottery winnings, or business proposals that would net large sums of money merely for depositing a large check. Of course, the details of a phishing scam change with the crooks who perpetrate the fraud.
Beyond Obvious Internet Scams
These email scams are well documented and frequently featured on the evening news. A much more sinister version of the phishing scam is the kind of Internet fraud that leaves the computer user unaware that s/he has become a victim of phishing and most likely also identity theft.
The look and feel of such phishing scams is sinister, in part because they look like legitimate email communications from businesses with which the user has a relationship. For example, a PayPal user receives an official-looking email, complete with trademarked logos and graphics, warning that her/his account became corrupted. She is urged to log in, check the balance, and reset the password.
For the user’s convenience, a link to PayPal is included in the email. When the user clicks on the link, she is taken to a website that looks identical to PayPal, but is actually part of the larger phishing scam. As the user attempts to enter the log-in information, she may receive an error message, urging a later attempt. What she fails to realize is that she has just divulged, via a key-logging program, her PayPal login and password.
The next time the user logs into the genuine PayPal account, the account is most likely raided and empty, as might be the bank accounts and credit cards to which it is tied.
The Cost of Phishing Attacks
A Gartner Survey(1) reveals that in 2007 alone, a staggering $3.2 billion was lost due to phishing scams. Phishing attacks successfully targeted roughly 3.6 million computer users. It is interesting to note that the survey also outlined that the individual user’s loss was small – scam-reporting survey participants suggest the average monetary loss was about $200 – but the overall loss increased, simply because more phishing operations found more victims.
Consumers should understand that some websites, most notably PayPal and eBay, are the subject of phishing attempts more often than others. Yet even the Internal Revenue Service (IRS) and a number of banks are becoming favorite targets for the scam operators. It is not uncommon for phishing scams to send out mass emails purporting to be from the IRS or a popular bank, assuming that at least a sizeable portion of the target audience has dealings with one or both.
Some companies, such as PayPal, now warn a consumer that if he receives an email claiming to be from PayPal, it will begin with the consumer’s name and never ask for log-in information. Mass email senders do not take the time to personally address each email, making this a good first litmus test.
Other means of staying safe include activating the Windows IE phishing filter, or the combined use of GMail and 1Password for the Mac user, as outlined by Agile Web Solutions(2).
What Does a Phishing Scam Look Like?
Wombat Security Technologies, Inc. currently offers an anti-phishing training game aptly named "Anti-Phishing Phil(3)." Bright Hub’s own Meryl Evans evaluates the game in her article “Train Employees on Anti-Phishing with Anti-Phishing Phil.” The main objective is to teach players how to read some of the coding contained in URLs and work out where the links may truly lead. This type of phishing scam information helps to put participants in the game on guard against cyber attacks.
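The URL reading that the game teaches can also be automated. The following Python sketch is an added example, not code from Wombat Security Technologies or the original article: it pulls the links out of an HTML email and flags common warning signs. The `TRUSTED` set, the function names and the sample email are assumptions constructed for illustration, and `registrable` takes the last two host labels where production code would consult the Public Suffix List.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paypal.com"}  # assumption: sites the reader really has accounts with
# Constructed sample email body (.example names and 203.0.113.7 are reserved for docs)
SAMPLE = """<a href="http://www.paypal.com.account-check.example/login">https://www.paypal.com/</a>
<a href="https://www.paypal.com@203.0.113.7/reset">Reset password</a>
<a href="https://www.paypal.com/signin">Log in</a>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):  # simplification: the last two labels of the host name
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def findings(href, text):
    """Return the warning signs for one link; an empty list means none were found."""
    parts = urlsplit(href)
    host, out = parts.hostname or "", []
    if parts.username is not None:  # anything before '@' is not the destination
        out.append("userinfo-before-@")
    try:
        ipaddress.ip_address(host)  # a bare IP address instead of a domain name
        out.append("ip-literal-host")
    except ValueError:
        pass
    if any(b.split(".")[0] in host and registrable(host) != b for b in TRUSTED):
        out.append("brand-outside-registrable-domain")
    # Only link text that is itself a full URL is compared with the real target
    shown = urlsplit(text).hostname if text.startswith(("http://", "https://")) else None
    if shown and registrable(shown) != registrable(host):
        out.append("text-href-mismatch")
    return out

def scan(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(href, findings(href, text)) for href, text in collector.links]
```

Calling `scan(SAMPLE)` returns each link with its list of warning signs; only the third link, which really points at paypal.com, comes back with an empty list.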
(1) Gartner.com. “Gartner Survey Shows Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks” (accessed February 23, 2010)
(2) Agile Web Solutions. “How to Protect Your Mac From Phishing” (accessed February 23, 2010)
(3) Anti-Phishing Phil
Photo Credit: "Phishing" by the U.S. Federal Trade Commission/Wikimedia Commons at https://commons.wikimedia.org/wiki/File:Phish.jpg