Phishing

Phishing is an Internet misspelling of Fishing. You may have come across the phrase “fishing for information”. This is essentially what phishing is, but applied to the Internet rather than talking to someone face-to-face. It is related to the term Phreaking, used to describe the activities of phone phreaks, who attempt to manipulate the telephone system to obtain free phone calls.

Phishing is generally carried out by Internet criminals and fraudsters who wish to get their hands on a computer user’s valuable personal information. This information usually includes credit card details, user login details and passwords.

There is a related technique known as Pharming, which attempts to misdirect unwary users to fake web sites in order to obtain their personal information. The latest threat to appear is phishing via SMS, known as SMiShing. SMS stands for Short Message Service and is the system used to send text messages over mobile phones. Security experts believe that this kind of attack is on the increase.

Phishing works by a fraudster setting up a fake or spoof web site that is similar, or virtually identical, to a legitimate web site, for example, a bank. An e-mail is then sent to many people (often millions) informing them that they must go to the website link in the e-mail and type in important information. The e-mail may tell them that if they fail to do this then they may end up losing money or that their bank account will not be secure. This is a very effective scam because it is based upon people’s fear. This kind of attack is often classed as a type of Social Engineering, as it is based on human characteristics rather than hardware or software.

Reports of Phishing scams include the following:

  • PC Advisor reports on how to avoid being scammed in the UK 2016: Expert advice on scams to avoid including HMRC, Royal Mail, Microsoft, WhatsApp Gold, contactless payments, expired Apple ID, fake Olympics tickets and more.
  • Spamfighter reports that cyber-criminals are targeting PayPal users with e-mails that are apparently sent by the Internet payment firm, with a form attached, urging recipients to complete it with their financial data and other personal information in order to continue using their accounts.
  • SecurityProNews reported that users of the Xbox Live online gaming service have been getting phony emails from sites claiming to give away Microsoft points (the online currency for Xbox Live). These emails, which look very official, redirect users to sites where they are asked to enter sensitive information that can be used to purchase more points.

Have a look at some examples of phishing emails, supposedly from major organisations such as high-street banks, PayPal and eBay.