Phishing not Fishing
Phishing attacks have risen dramatically since its inception, and
anyone is a target. What is phishing? Phishing is an attack which
attempts to acquire information like user names, passwords, credit
card details and bank account information by impersonating a
trustworthy entity in electronic communications, i.e. emails. The
email could contain a link to what appears to be a trustworthy
website, like your bank or credit card company, but the site is
actually infected with malware. The site can capture keystrokes in
order to get user names, passwords and PIN numbers for accounts,
along with infecting the user's computer with malware and viruses.
There are different types of phishing techniques. The most common is
sent as mentioned above and directed at numerous victims. There is
spear phishing, which is directed at specific individuals or
companies. The spam correspondence appears to be from the company's
human resources department or technical department and may ask a user
to update their user name and password. Once hackers have received
this information, they have gained access to the network and can
attack it. The spam may also direct the victim to click on a link
which will launch an attack that could steal personal information.
There is also whaling. This type attacks upper management in private
companies. The content will be crafted to target an upper manager and
the person's role in the company. The attack email is often written
as a legal subpoena, customer complaint, or executive issue. The
attack appears to be a critical email sent from a legitimate business
source. There is usually a link that can look very legitimate, and
once the user clicks it, it will launch a phishing attack.
Phishing was reported as early as the early 1990s and hit AOL. The
software provided an automated password and credit card-stealing
mechanism which was dubbed AOHell. What began as a scheme by
rebellious teenagers to steal passwords evolved into one of the top
computer security threats affecting people, corporations, and
governments.
When phishing first began, the emails were full of text and had
misspelled words and poor grammar, so they were much easier to
recognize as being spam. Throughout the years, tactics have changed.
Around 2003, email fraudsters registered dozens of lookalike domain
names. They also created Web sites whose addresses contain the names
of well-known companies and brands, like microsoft.checkinfo.com.
Unaware of the attack, a recipient would click on the link, causing
their personal information, network information, and various other
things to be compromised.
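
As an added example (not part of the original post), here is a small Python check for the lookalike pattern described above, where a brand name such as microsoft appears in a hostname that does not belong to that brand. The BRAND_DOMAINS allowlist, the function names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: brand token -> domains assumed to belong to that brand.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "paypal": {"paypal.com"},
}

def hostname_of(url):
    """Return the lowercased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def is_under(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def borrowed_brands(url):
    """Return brands named in the hostname although the host is not under
    any domain listed for that brand (the microsoft.checkinfo.com pattern)."""
    host = hostname_of(url)
    labels = host.split(".")
    hits = []
    for brand, domains in BRAND_DOMAINS.items():
        named = any(brand in label for label in labels)
        if named and not any(is_under(host, d) for d in domains):
            hits.append(brand)
    return sorted(hits)

# Constructed sample links, as they might appear in a message body.
SAMPLES = [
    "http://microsoft.checkinfo.com/update",
    "https://login.microsoft.com/",
    "https://microsoft.com.account-check.example/signin",
    "https://www.example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", borrowed_brands(link) or "no brand mismatch")
```

The check reads the hostname from right to left in effect: what matters is the domain the host ends with, not the familiar name at the front.
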
How do you stop phishing? The most important part is for ALL users to
be aware of these tactics. If you receive an email from someone you
don't know, delete it. Your bank, ISP or credit card company will
NEVER send an email to you asking you to provide your user name and
password. If you receive this type of email on a business email
address, send it to the IT department for further action. At home
it's important to keep your system safe. To do this, always make sure
your firewall is set for phishing filtering and does not allow
suspicious items through the network. Also make certain the antivirus
is up to date and running in protection mode. Even with these steps
in place you may get attacked, so make certain all your invaluable
data is backed up and you have a plan for recovery.