Wednesday, May 4, 2011

PHISHING


In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes.


THE MEANING OF PHISHING 

In the cyber-world phishing (also known as carding and spoofing) is a form of illegal act whereby fraudulently sensitive information is acquired, such as passwords and credit card details, by a person/entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or instantaneous communication. 

ORIGIN OF PHISHING

Early attempts were made at phising in 1990s when offenders originally created on AOL accounts with fake, algorithmically generated credit card numbers - these accounts could last weeks or even months until new ones were required. AOL subsequently, brought in measures in late 1995 to prevent this, so early AOL crackers resorted to phising for legitimate AOL accounts.

Phishing on AOL was closely linked with the warez community that exchanged pirated software. For instance, a cracker might pose as an AOL staff member and send an instant message to a potential victim, asking the victim to reveal his or her password. Later, AOL's policy enforcement with respect to phising and warez became stringent and removed pirated software off AOL servers. AOL simultaneously developed a system to quickly deactivate any account involved in phising besides adopting other steps to combat this form of cyber fraud. 


                    There are many variations on this scheme. It is possible to Phish for other information in additions to usernames and passwords such as credit card numbers, bank account numbers, social security numbers and mothers’ maiden names. Phishing presents direct risks through the use of stolen credentials and indirect risk to institutions that conduct business on line through erosion of customer confidence. The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss.

This report also concerned with anti-phishing techniques. There are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing. No single technology will completely stop phishing. However a combination of good organization and practice, proper application of current technologies and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it. Anti-phishing software and computer programs are designed to prevent the occurrence of phishing and trespassing on confidential information. Anti-phishing software is designed to track websites and monitor activity; any suspicious behavior can be automatically reported and even reviewed as a report after a period of time.

This also includes detecting phishing attacks, how to prevent and avoid being scammed, how to react when you suspect or reveal a phishing attack and what you can do to help stop phishers.

E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.

Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target Web site and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!).