Network World

research center:

Security

Search / DocFinder:
Advanced search
Research Centers
Vendor Solutions
Site Resources
Special Issues

Signature SeriesEnterprise All-Stars
Enterprise All-Stars NEW

You in action
You in action

New Data Center The New Data Center: Wireless & Mobility
Wireless & Mobility NEW

The New Data Center: Server Virtualization
Server Virtualization

Phishing

Social-engineering hacking done through e-mail.

Advertisement:

A hacker sends out bogus e-mail, or phish, that looks like it's from the billing or security department of a popular Web destination, advising the recipient that his or her credit-card information is needed to clear up a billing or security problem. The recipient is advised to click on a link that typically looks like it might be from that destination; if he or she does, the hacker then collects credit-card data.

Sometimes, the phish makes the link look even more authentic by using a quirk of Internet addressing that allows for a redirect away from a legitimate site - if you put an "at" symbol after a legitimate address, then follow that by another URL, the browser will send the user to the other URL.

A July, 2003 report from the IDG News Service explains the workings of one such effort:

The boy's scam allegedly worked like this: Posing as AOL, he sent customers e-mail saying there had been a problem with the billing of their AOL account. The e-mail warned AOL customers that if they did not update their billing information, they risked losing their AOL accounts, and it directed customers to click on a hyperlink to connect to the AOL Billing Center.

When customers clicked on the link, they ended at the defendant's site, which included AOL's logo, type style, and links to real AOL Web pages. The defendant's AOL look-alike page directed consumers to enter the numbers from the credit card they had used to charge their AOL account, then asked consumers to enter numbers from a new card to correct the problem. The defendant's page also asked for consumers' names, mothers' maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords.

The defendant used the information to charge online purchases and open accounts with PayPal, and he used consumers' names and passwords to log on to AOL in their names and send more spam. He also recruited others to participate in the scheme by convincing them to receive fraudulently obtained merchandise he had ordered for himself.

From FTC settles with young ID thief, IDG News Service, 07/21/03.

Additional resources:

Phear of phishing
More detailed look at phishing. Network World, 05/31/04.

Anti-phishing.org
Latest anti-phishing news from an industry group trying to curb the practice. Site has examples of phishing messages and links to related resources.

Latest phishing news from Network World Fusion

The Mobile Messaging Security Problem | NetworkWorld.com Community
Jul. 05, 2009
Mobile spam, phishing and such - how concerned are consumers?

NewYork State raises the bar for end user security training
Apr. 27, 2009
New York State is extremely concerned about phishing in general, and more specifically spear phishing, highly targeted phishing attacks designed to penetrate organizations, government agencies, and groups etc.

A clever way to increase employee awareness about phishing
Feb. 02, 2009
A Gartner survey shows that phishing attacks soared in 2007, ultimately costing victims of the attacks at least $3.2 billion. As we start 2009, corporate spear phishing - the practice of targeting specific workers in ...

New DOS attacks threaten wireless data networks
Jun. 05, 2009
NEW YORK CITY -- Forget spam, viruses, worms, malware and phishing. These threats are apparently old school when compared to a new class of denial-of-service (DOS) attacks that threaten wireless data networks.

Securing the Desktop
May. 29, 2009
Given rapidly evolving dangers such as Conficker and silent threats that lurk on otherwise innocent Web sites, having traditional antivirus software on your desktop isn't enough today. You need a suite of tools-- ...

  1   2   3   4   5   6   7   8   9  10  next 


Add a comment

NOTE: Comments are reviewed by an editor before being posted.

Your rating of this resource (with 5 the best)
1 2 3 4 5

Subject:

Your user name (what other users will see on the review):

Your real name (for our records only):

Your e-mail (ditto):

Your comments (Use a blank line to separate paragraphs):

TOP STORIES | MOST DUGG STORIES

  1. The 10 dumbest mistakes network managers make
  2. Six Windows 7 features admins will actually care about
  3. Why the iPhone can't be "killed"
  4. Nortel enterprise chief wants to bring back Bay
  5. More porn sneaks onto the iPhone
  6. Security guard charged with hacking hospital systems
  7. Cisco looks to accelerate virtualization deployments
  8. Cisco announces highest certification
  9. IBM bundles x86 servers with VMware, offers special financing
  10. Ex-Bay Networks CEO: Nortel's enterprise group could do well on its own

2009 Fave RavesNetwork World on Twitter: Get our tweets and stay plugged in to networking news

Newsletters
Sign up for one of NWW's Network Security newsletters.

Security in Practice
Virus and Bug Patch Alert
Security Strategies
Security News Alert
VPNs
Messaging
View all newsletters

Email Address:

Vendor Solutions

White Papers

When Corporate Network Safety Starts at Employees' Homes: Protecting Your Network from Home Wireless Hackers
- WatchGuard

How WatchGuard Could Have Saved Hannaford and TJX Money: Real-World ROI Calculations for Retail Network Security Solutions
- WatchGuard

Top 10 Threats to SME Data Security (and what to do about them)
- WatchGuard

More...

Special Report

Governance and Risk Management: The New Security Reality - Qwest
Learn how to fight social engineering attacks while complying with federal regulations. Security pros describe their breeches and where they are now


Research Centers: Applications | Application Development | Applications-Standards | Applications Vendor Solutions | Collaboration | CRM / ERP | Databases | Directories | Grid Computing | Java | Messaging | .Net | RFID | SOAP | Web Services | XML | Convergence & VoIP | Convergence Regulatory | Convergence Services | Convergence Standards | Convergence VoIP Vendor Solutions | Video | IP PBX | SIP | VoIP | VoIP Services | E-Business | DNS | RFID | Supply Chain | Web security LANs & Routers | Acceleration | Gigabit Ethernet | Lans-Standards | Routers | Wireless LANs | Network Management | Application Management | Desktop Management | Management Test Patch Management | Operating Systems | Linux | NetWare | Unix | Windows Outsourcing | Managed Services | Offshoring Security | Firewalls - VPN - Intrusion | Identity management | Patch Management | Microsoft Security | Privacy | Security Standards | Spam & Phishing | Viruses & worms | Web Security | Wireless Security | Servers & Desktop | Backup-Recovery | DataCenter | Desktops | Desktop Management | Grid | Servers | Server Blades | Servers Desktops | Utility Computing | Small & Medium Business | Broadband | Telework | Handhelds & PDAs | Home Networking | Security | Storage | Compliance | Infiniband | Network-Attached Storage | SANs | Storage Management | Storage Virtualization | Virtualization | Vendor News | Bankruptcy | Earnings | Lawsuits | Layoffs | Standards | Start Ups | Vendor Markets | Education | Financial | Healthcare | HIPAA | Manufacturing | Retail | Wide Area Network | Broadband | Carriers | Frame Relay | Metro Ethernet | MPLS | Service providers | Wireless services | Wireless & Mobile | Wireless LANs | PDAs & handhelds | Wireless Security | Wireless Services | Wireless Standards | Wireless Switches | All Company Profiles