May 24, 2009

What is phishing?

Phishing e-mail

This fake e-mail is made to look like it came from the Royal Bank of Canada web site. Misspellings and awkward English are among the signs that this letter is fake. Also, the link to the web address in the middle of the letter actually goes to a different destination than what the e-mail states. Smith graphic. CC-BY.

Phishing is a type of fraud in which people are tricked into providing information such as passwords, usernames and bank account data that can be used to gain unauthorized entrance to accounts.

In one of the simplest and most common types of phishing, the scammer sends e-mails providing a link to a web site and tells the victim he or she needs to make changes to an account of a bank or retailer. When the victim clicks on the link, the Internet browser opens to a look-alike fake version of the real site. If the victim enters his or her username and password, the scammer can use that information to access the real account to withdraw money or create other problems.

Phishing is most often done on the Internet, although it can be done over the phone as well. A few months ago I received a late-night phone call telling me that my bank account had been hacked into and that I needed to provide my Social Security number to prevent my account from being closed. Fortunately, I didn’t fall for the bait. Here are some other ways in which scammers can attempt to get into your accounts:

  • If you receive an e-mail with a link to a business, that link may take you to a site that has a web address that is similar to what you’d expect. For example, it may substitute a capital “I” for a lower-case “l,” or it may take you to something like www.desired-domain-online.com instead of www.desired-domain.com. If the site looks like what you’d expect, you may be fooled. It is also possible to use foreign letters, such as using a μ (the Greek letter mu) instead of a u, or an α (the Greek letter alpha) instead of an a, in a domain’s name.
  • Similarly, it is possible to put the web address you’d expect inside a longer address in order to confuse you. For example, if you don’t look carefully you might expect that http://bigbadscamsite.com/accounts/files/your-bank-site.htm or http://yourbanksite.bigbadscamsite.com will take you to your bank’s site, but it won’t (of course, the real scam sites aren’t going to announce it like these examples did!).
  • Security holes that allow more sophisticated exploits are sometimes uncovered in browsers, which is one reason why you should keep up to date on browser security patches. Some of these exploits, for example, might be able to make your browser display a false address, or fool you into thinking you’re entering information on one site when it is actually going somewhere else.
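The address tricks in the list above can be checked mechanically before a link is followed. The sketch below is an added example, not part of the original post: `classify_link`, its labels, the small look-alike table and the domain `mutualbank.example` are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed, deliberately small look-alike table: capital I and digit 1 -> l,
# digit 0 -> o, Greek mu (U+03BC) -> u, Greek alpha (U+03B1) -> a.
CONFUSABLE = str.maketrans(
    {"I": "l", "1": "l", "0": "o", "\u03bc": "u", "\u03b1": "a"})


def skeleton(host):
    """Fold a hostname so visually similar spellings compare equal."""
    return host.translate(CONFUSABLE).lower()


def is_or_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, trusted):
    """Say where url really leads relative to the trusted domain."""
    parts = urlsplit(url)
    # Keep the host as written (case matters for the I/l trick);
    # drop any userinfo and port.
    raw_host = parts.netloc.rpartition("@")[2].partition(":")[0]
    brand = trusted.split(".")[0]
    if is_or_under(raw_host.lower(), trusted):
        return "trusted"
    if is_or_under(skeleton(raw_host), skeleton(trusted)):
        return "confusable-host"          # looks the same, is a different name
    if not raw_host.isascii():
        return "non-ascii-host"           # foreign letters not in the table
    if brand in skeleton(raw_host):
        return "brand-in-untrusted-host"  # extra words or a foreign parent domain
    if brand in parts.path.lower():
        return "brand-in-path"            # expected name buried after the host
    return "unrelated"


# Constructed sample links modelled on the examples in the list above.
SAMPLES = [
    "https://www.mutualbank.example/login",
    "http://mutuaIbank.example/",
    "http://m\u03bctualbank.example/",
    "http://mutualbank-online.example/",
    "http://mutualbank.example.bigbadscamsite.example/",
    "http://bigbadscamsite.example/accounts/files/mutualbank.htm",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_link(link, "mutualbank.example"), link)
```

Only the first sample is classified as trusted; every other one contains the expected name somewhere but resolves to a different host.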

Unfortunately, there’s no 100-percent guaranteed way of avoiding becoming the victim of a phisher. But you can protect yourself from the vast majority of such scams by following safe browsing practices such as not clicking on links you receive in e-mail.
