The Basics of Phishing
Phishing is the act of sending an email in an attempt to get you to disclose personal and financial information. These emails appear to be from familiar organizations, businesses or corporations and include links to a web site that looks almost exactly the same as the real site.
For example, you might get an email indicating that for security reasons you need to verify your account information at your financial institution, credit card company, major retailer, job site or another vendor.
These emails also use fear to motivate you to act before a certain date to prevent something from happening to your account. They may tell you that your account will be closed or suspended or that someone has already gained access to it.
Phishers rely on the ability to persuade the victim to intentionally perform a series of actions that will provide access to confidential information.
The Phisher impersonates a trusted source and the victim follows the instructions believing that his/her account or information is at risk.
In nearly all cases, the Phisher uses e-mail as his method of contacting the victim. The e-mail message arrives with a persuasive subject line that is likely to provoke an emotional response and most of the time the priority is set to the highest level. The victim is then instructed to follow a URL that is actually owned and operated by the Phisher and not the organization he/she is impersonating. The Phisher has created a domain and a Web site that looks very much like the site he/she is impersonating.
The Web site is often on a secure server to further confuse the intended victim.
The most common characteristics of a Phishing e-mail are:
* Official looking, containing corporate logos and other graphics
* Frequently has a virus or worm attached or embedded in the Web site where the victim is asked to enter his/her personal information
* "From" e-mail addresses that are real or very similar to those of the impersonated organization
* Frequently uses HTML to obscure the target of the URL
* If you look closely, you'll often, but not always, find typos, spacing errors and other subtle mistakes that are not likely to be made by professionals at the impersonated organization.
In millions of cases each year, victims give up their names, addresses, Social Security Numbers, dates of birth, mother's maiden names, account numbers, passwords, PIN numbers and other information needed to make purchases and steal identities.
Once the personal information is obtained, the Phisher then uses the information to make purchases with existing accounts and frequently sells the information to others who will do the same thing.
There are numerous other techniques used by Phishers to lure people to their Web sites and convince them to give up their personal information.

