“So what is Phishing and does it involve hooks, bait, or a net” I hear you say;
Well Phishing is a form of fraud and it does involve a net; the internet that is and in a way it does also involve bait, in the form of fraudulent emails. I’m not too if it involves hooks but perhaps some other equally sharp object ready to strike you where it hurts: your wallet!
The concept of phishing involves the sending of thousands of spam emails. These emails claim to be sent from the recipient’s bank or similar institution. The typical phishing email will contain details of a fake security alert. It is not uncommon for the email to then ask the recipient to give over sensitive information either about them selves, their bank account, or even account login details. The information is often requested via reply email or via a link to a phoney web page.
Phishers often send out thousands of spam emails in the hope that just 1 or 2 people will fall for their trap. The process does not take a degree in rocket science or actually any advanced knowledge of computing to start and the advancement of security measures in the real world banks and building societies and even peoples homes has forced criminals to evolve and take advantage of the anonymous nature of the World Wide Web.
The emails can generally be very deceptive and can look just like any news email you might receive from any commercial organisation, they can contain the exact headers, security warnings and other information that you would expect in a normal commercial email. Phishing emails can take many forms; for example emails have been known to impersonate foreign prisoners who are apparently victims of injustice asking you to pledge money to campaign for their release. Just be aware and as a general rule never give any sensitive information or pay for anything to any one over the internet unless you can absolutely guarantee it is to a trusted party and over a secure connection.
Your bank or building society will never under any circumstances ask for your sensitive login data, especially not through such an insecure medium as email. If you ever suspect an email to be of a fraudulent nature you should never reply to it, click any links embedded in it or open any attachments. The best course of action would really be to permanently delete it from your computer or you could take steps to report the email.
There are several places you can report suspect phishing emails to. You may wish to forward the suspicious email to your bank or building society, to your ISP (internet service provider) or you can report it an agency that is active in the prevention of phishing such as www.antiphishing.org/ or http://www.us-cert.gov/nav/report_phishing.html.
Phishing is the most common form of internet based crime and sadly it is becoming increasingly more common, with over 200,000 fraudulent emails stopped every month and god knows how many that make it through, there isn’t much in the form of evidence apart from those that get reported but often this is far too late.
The good news is that leading banks and security organisations are working together to prevent phishing and internet fraud, however the vastness of the internet and the constant advancement in technology are presenting many a challenge to the task at hand. More sophisticated vectors of attack and prevention immerge every day adding to this on going war against crime.
So be vigilant, be aware and be careful is the message I will give to you. The conveniences and advantages that can be had from internet banking services are plentiful, hopefully through prevention and the education of users less victims will fall victim the traps laid by fraudsters via the internet and email and force this terrible cyber threat to die out.