(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information. For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization’s site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
PC World "The 10 Biggest Security Risks You Don't Know About, Phishing"
Phishing is one of the most lucrative computer crimes, and it continues to grow rapidly. In April 2006 the number of unique new phishing sites spiked to a record 11,121, almost four times the 2854 sites found in April 2005, according to the most recent report from the Anti-Phishing Working Group.
You might expect phishers' fake sites to be easy to recognize by their amateurish spelling mistakes or broken Web graphics. But these days few phishers try to re-create entire bank-site pages by hand. Instead, modern scammers operate sophisticated server-side software that pulls all of the text, graphics, and links directly from the target bank's live site. All of the queries you input go to the real site--except your log-in data. That choice information goes straight to the bad guys.
Some phishing sites have become so smooth that they can even trap cautious and experienced Web surfers. In their "Why Phishing Works" study published in April, experts at UC Berkeley and Harvard presented test subjects with Web sites and had them look for the fakes. As it turned out, "even in the best-case scenario, when users expect spoofs to be present and are motivated to discover them, many users cannot distinguish a legitimate Web site from a spoofed Web site," the report states. "In our study, the best phishing site was able to fool more than 90 percent of participants."
Browser Redirects Below the Radar
The key for the phisher is to inveigle you into visiting the bogus site. You may be well conditioned not to trust an e-mail missive purporting to be from your bank and asking you to click a link to check your account details. But phishers today are adopting more forceful means to push your browser to their sites.
A malware-enabled technique called smart redirection secretly sends your browser to the scammer's Web site even if you manually type your bank's correct Web address into the browser. Malware on your machine monitors the availability of dozens or hundreds of duplicate fake bank sites, hosted on computers around the world, and redirects your browser to an available fake site whenever you attempt to reach your bank. And if authorities subsequently close down one site, the smart redirection software on an infected system simply sends the victim to a destination site that has eluded shutdown.
What is a "phishing" scam?
Phishing is a type of online fraud where the perpetrators attempt to acquire personal, financial, and/or other account information (such as user IDs, passwords, credit card numbers, PINs, etc.) from unsuspecting victims. This type of fraud is typically initiated by sending an unsolicited but official-looking email claiming to be from a reputable company, such as a bank, a credit card firm, or an online establishment. The fraudulent email usually contains an urgent message that tries to lure the recipient into providing sensitive information.
More Ways To Avoid Phishing Scams
FTC Consumer Alert
How Not to Get Hooked by a ‘Phishing’ Scam
“We suspect an unauthorized transaction on your account.
To ensure that your account is not compromised,
please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information.
Please click here to update and verify your information.”
Have you received email with a similar message? It’s a scam called “phishing” — and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.
According to the Federal Trade Commission (FTC), the nation’s consumer protection agency, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message may ask you to “update,” “validate,” or “confirm” your account information. Some phishing emails threaten a dire consequence if you don’t respond. The messages direct you to a website that looks just like a legitimate organization’s site. But it isn’t. It’s a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.