In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.
The first recorded mention of phishing is on the alt.online-service.america-online Usenet newsgroup on January 2, 1996, although the term may have appeared even earlier in the print edition of the hacker magazine 2600. The term phishing is a variant of fishing, probably influenced by phreaking, and alludes to the use of increasingly sophisticated lures to “fish” for users’ financial information and passwords. The word may also be linked to leetspeak, in which ph is a common substitution for f.
Shown below is a sample email message I received from PayPal.
If you dissect this email, digging into its headers and the source of its content, two things jump out:
1. The image shown as the PayPal logo at the beginning of the email is hosted on a secure website called paypalobjects. The full link for the image is https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
2. At the link in the email where they ask you to click to confirm your email account, the link text displayed is only https://www.paypal.com/cgi-bin/webscr?cmd=login-run, which is actually a valid login page at PayPal.
However, the link's real target is hidden: clicking it forwards you to a dns.nic.bs website.
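The mismatch in item 2, a visible link text that is a paypal.com URL while the href points somewhere else, is exactly what mail filters and browser toolbars can check mechanically. The following is an added example, not code from the original post: it parses an HTML email body (a constructed sample modelled on the message described, with assumed paths) and flags every anchor whose displayed URL belongs to a different domain than the URL it really links to.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample resembling the message described above (not the original
# email): the logo comes from paypalobjects and the visible link text is a
# paypal.com login URL, while the href actually points at dns.nic.bs (path assumed).
SAMPLE_EMAIL_HTML = """<html><body>
<img src="https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif">
<p>Please confirm your email address by clicking the link below:</p>
<a href="http://dns.nic.bs/cgi-bin/webscr?cmd=login-run">https://www.paypal.com/cgi-bin/webscr?cmd=login-run</a>
<p>Questions? Visit <a href="https://www.paypal.com/help">our help center</a>.</p>
</body></html>"""

def registrable_domain(host):
    # Crude "last two labels" domain (www.paypal.com -> paypal.com); a real
    # deployment would consult the public suffix list instead.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_mismatched_links(html):
    """Return (displayed_url, href) pairs where the visible text looks like a
    URL but its domain differs from the one the link really points to."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        shown = urlparse(text)
        if shown.scheme not in ("http", "https") or not shown.hostname:
            continue  # visible text is not a URL, so there is nothing to compare
        real_host = urlparse(href).hostname or ""
        if registrable_domain(shown.hostname) != registrable_domain(real_host):
            findings.append((text, href))
    return findings
```

Running find_mismatched_links on the sample returns the single PayPal-looking link with its dns.nic.bs target, while the plain-text "our help center" link is ignored because its visible text is not a URL.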
Luckily, both IE7's and Firefox 2.0's built-in phishing detection work, as shown below.
Anti-phishing software is available that may identify phishing content on websites, act as a toolbar that displays the real domain name of the visited website, or spot phishing attempts in email. Microsoft's new IE7 browser, Mozilla's Firefox 2, and Opera from version 9.1 will include a form of anti-phishing technology by which a site is checked against a list of known phishing sites. If the site is suspect, the software may either warn the user or block the site outright, as shown in the pictures above. Firefox 2 uses Google's anti-phishing software, which may also be installed under IE6. Spam filters also help protect users from phishers, because they reduce the number of phishing-related emails that users receive. An approach introduced in mid-2006 (similar in principle to using a hosts file to block web adverts) involves switching to a special DNS service that filters out known phishing domains, which works with any browser.
Sites have added verification tools that allow users to see a secret image that the user selected in advance; if the image does not appear, then the site is not legitimate. Bank of America uses this together with challenge questions, which ask the user for information that should be known only to the user and the bank.
External anti-spam links