Phish in a Barrel

Posted By BrokenClaw on February 6, 2008

Phishing is the slang term for attempts by malicious people to obtain personal information by fraudulent means. While the definitions may blur, depending on who you ask or what you read, in general, spam comes from someone trying to sell you something, and phishing comes from someone trying to get you to give them something.

The term phishing simply comes from an altered spelling of fishing. It refers to the practice of dropping a line (or sending thousands of emails) and seeing who bites.

Phishing probably started with Instant Messages on AOL in the 1990s: hackers pretending to be AOL officials would send an Instant Message asking the user to confirm their password. If the user complied, the hacker could use that person’s account for any number of nefarious purposes.

Today, phishing schemes generally involve an email message in which the sender pretends to represent a legitimate company, such as eBay or PayPal or Yahoo!, and asks the user to click on a link to confirm their password. Of course, the link takes the user to a fake website, which easily collects the login and password for the hacker.

Often the sender’s email address and the web address of the link resemble those of the legitimate company closely enough that the user doesn’t recognize the difference. This practice is called spoofing. For example, the web address may differ by one misspelled letter, or it may use a subdomain which includes the name of the legitimate company.
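The two link tricks described above can be checked mechanically. The following is an added example, not part of the original post: it flags a link whose domain is one character away from a known company domain, or that carries the company name in a subdomain. The allow-list and sample links are constructed, and treating the last two labels as the registered domain is a simplifying assumption (real code would consult the Public Suffix List).

```python
from urllib.parse import urlsplit

# Constructed allow-list of legitimate domains (assumption for this example).
LEGIT_DOMAINS = ("ebay.com", "paypal.com", "yahoo.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Classify a link against the allow-list using the two tricks in the text."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    labels = host.split(".")
    # Simplifying assumption: the registered domain is the last two labels.
    registered = ".".join(labels[-2:])
    if registered in LEGIT_DOMAINS:
        return "legitimate"
    # Trick 1: registered domain differs from a real one by a single character.
    for legit in LEGIT_DOMAINS:
        if edit_distance(registered, legit) == 1:
            return f"lookalike:{legit}"
    # Trick 2: the real company name appears only in the subdomain labels.
    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        if any(brand in label for label in labels[:-2]):
            return f"brand-in-subdomain:{legit}"
    return "no-match"


if __name__ == "__main__":
    # Constructed sample links; .example is a reserved TLD.
    for link in ("https://www.paypal.com/signin",
                 "http://www.paypa1.com/login",
                 "http://paypal.com.account-verify.example/login",
                 "https://news.example/"):
        print(f"{classify_link(link):35} {link}")
```

The part of the address that decides where a link really goes is the registered domain at the right-hand end of the host name, which is why a company name further to the left proves nothing.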

The word spoofing is also used to describe the situation where a hacker manipulates the return address on an email to make the message look like it came from a legitimate website.

Phishing schemes may also involve attempts to get the user to give financial information directly, such as credit card numbers, by promising valuable savings on popular products or winnings in contests the user never entered. These schemes are tantamount to online identity theft.
