Phishing
Social-engineering hacking done through e-mail.
A hacker sends out bogus e-mail, or phish, that looks like it's from the billing or security department of a popular Web destination, advising the recipient that his or her credit-card information is needed to clear up a billing or security problem. The recipient is advised to click on a link that typically looks like it might be from that destination; if he or she does, the hacker then collects credit-card data.
Sometimes, the phish makes the link look even more authentic by using a quirk of Internet addressing that allows for a redirect away from a legitimate site - if you put an "at" symbol after a legitimate address, then follow that by another URL, the browser will send the user to the other URL.
A July, 2003 report from the IDG News Service explains the workings of one such effort:
The boy's scam allegedly worked like this: Posing as AOL, he sent customers e-mail saying there had been a problem with the billing of their AOL account. The e-mail warned AOL customers that if they did not update their billing information, they risked losing their AOL accounts, and it directed customers to click on a hyperlink to connect to the AOL Billing Center.
When customers clicked on the link, they ended at the defendant's site, which included AOL's logo, type style, and links to real AOL Web pages. The defendant's AOL look-alike page directed consumers to enter the numbers from the credit card they had used to charge their AOL account, then asked consumers to enter numbers from a new card to correct the problem. The defendant's page also asked for consumers' names, mothers' maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords.
The defendant used the information to charge online purchases and open accounts with PayPal, and he used consumers' names and passwords to log on to AOL in their names and send more spam. He also recruited others to participate in the scheme by convincing them to receive fraudulently obtained merchandise he had ordered for himself.
From FTC settles with young ID thief, IDG News Service, 07/21/03.
Additional resources:
Phear of phishing
More detailed look at phishing. Network World, 05/31/04.
Anti-phishing.org
Latest anti-phishing news from an industry group trying to curb the practice. Site has examples of phishing messages and links to related resources.
Latest phishing news from Network World Fusion
The Mobile Messaging Security Problem | NetworkWorld.com Community
Jul. 05, 2009
Mobile spam, phishing and such - how concerned are consumers?
NewYork State raises the bar for end user security training
Apr. 27, 2009
New York State is extremely concerned about phishing in general, and more specifically spear phishing, highly targeted phishing attacks designed to penetrate organizations, government agencies, and groups etc.
A clever way to increase employee awareness about phishing
Feb. 02, 2009
A Gartner survey shows that phishing attacks soared in 2007, ultimately costing victims of the attacks at least $3.2 billion. As we start 2009, corporate spear phishing - the practice of targeting specific workers in ...
New DOS attacks threaten wireless data networks
Jun. 05, 2009
NEW YORK CITY -- Forget spam, viruses, worms, malware and phishing. These threats are apparently old school when compared to a new class of denial-of-service (DOS) attacks that threaten wireless data networks.
Securing the Desktop
May. 29, 2009
Given rapidly evolving dangers such as Conficker and silent threats that lurk on otherwise innocent Web sites, having traditional antivirus software on your desktop isn't enough today. You need a suite of tools-- ...
1 2 3 4 5 6 7 8 9 10 
Add a comment
Network World on Twitter: Get our tweets and stay plugged in to networking news
