Phishing
Phishing is the fraudulent acquisition, by means of deception, of personal and financial information such as credit card details and passwords. [1]
Short overview
Simply put, phishing extracts financial and personal data through fraudulent emails and copies of legitimate websites. It is a very dangerous form of theft practiced over the Internet. [2]
The practice of phishing is similar to "brand spoofing" or "carding" depending on the method used to deceive Internet users. In other words, practices such as brand spoofing or carding are forms of phishing.
Phishing history
Phishing scams first appeared during the 1990s, when hacking into AOL started. A set of emails seemed to come from AOL but were actually sent by a hacker. These emails asked users to update their personal and financial information, and many people exposed personal information which was later used by hackers.
Phishing attacks soon expanded to PayPal and other organizations and websites which dealt with online payments. This is when secured payment applications became highly necessary.
Types of phishing practices
Phishing involves the following:
- The possibility of introducing a virus attack
- The development of a copy of a legitimate website
- Phishing by means of instant messaging
- Fooling Internet users into submitting financial and personal data or passwords
- Emails that claim to be sent on behalf of well-known organizations.
- Voice phishing is a rather new form of phishing: the hacker simply replaces the website with a telephone number, so users receive an email from their favorite websites and are requested to call a specific number and update their information. How do hackers determine favorite or highly-visited websites? By installing spyware on the computer or hacking the website. [3]
- Tabnabbing: takes advantage of multiple tabs which Internet users may frequently use and redirects the Internet user to the wrong website.
- Pop-up windows which may appear from legitimate and original websites but request financial and credential information to be supplied.
Protection against phishing practices
In order to avoid being a victim of such phishing practices, Internet users should take the following aspects into consideration:
- Avoid or delete mass emails
- Install anti-phishing software
- Avoid password authentication services
- Ignore emails requesting financial information updates
- Use spam filters to eliminate phishing emails. This solution relies on natural language processing methods and is able to substantially reduce the number of phishing emails.
- Do not trust impersonal emails
- Be suspicious of email links
- When submitting credit card information, it is important to make sure the user is accessing a secure website with secure payment [4]