|
|
|
Each month we highlight an Internet,
USENET Special Interest Group (SIG), or similar mailing
list(s) or website(s).
The Information
Security folks have a new page on "Phishing Scams."
Webopedia defines phishing
thusly:
- (fish´ing) (n.) The act of sending an
e-mail to a user falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into surrendering private
information that will be used for identity theft. The e-mail directs
the user to visit a Web site where they are asked to update personal
information, such as passwords and credit card, social security, and
bank account numbers, that the legitimate organization already has.
The Web site, however, is bogus and set up only to steal the user’s
information. For example, 2003 saw the proliferation of a phishing
scam in which users received e-mails supposedly from eBay claiming
that the user’s account was about to be suspended unless he clicked on
the provided link and updated the credit card information that the
genuine eBay already had. Because it is relatively simple to make a
Web site look like a legitimate organizations site by mimicking the
HTML code, the scam counted on people being tricked into thinking they
were actually being contacted by eBay and were subsequently going to
eBay’s site to update their account information. By spamming large
groups of people, the “phisher” counted on the e-mail being read by a
percentage of people who actually had listed credit card numbers with
eBay legitimately.
Phishing, also referred to as brand spoofing or carding,
is a variation on “fishing,” the idea being that bait is thrown out
with the hopes that while most will ignore the bait, some will be
tempted into biting.
With that in mind, check out the Information Security phishing page:
http://www.unt.edu/security/phishing.pdf
Return to top |
