 | reply to cvrefugee
Re: Hmm... Not even close. Phishing is when a scammer tricks a user into entering sensitive information (account usernames/passwords, credit card info, bank account info, ssn, etc) into their site while the user thinks they are at another website (eBay, their bank's site, etc).
Commonly, the phisher will send out an e-mail telling the user that they need to update some account information. The e-mail will include a "helpful" link. This link will go to a page that looks like a certain site (e.g. citibank.com) but isn't. Depending on the level of sophistication, the URL might be an IP address, a "look-alike" domain (c1tibank.com), or a domain name faked using an address bar exploit.
The user would click on the URL, fill out and submit the form, and the phisher would then use the submitted information for something nefarious (drain their bank account dry, sell their identity, etc.).
Except for the address bar exploit (which only aids phishing), phishing isn't limited to one browser. You can "get phished" while using IE, Firefox, Opera, whatever. -- -Jason Levine http://www.jasons-toolbox.com/ http://www.PCQandA.com/ http://www.urateit.com/ |
|
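Added example, not part of any post in this thread: a defender-side check for two of the link tricks described in the post above, an IP-address host and a "look-alike" domain such as c1tibank.com. The trusted-domain list, the character-swap table, the "last two labels" domain rule and the sample links are assumptions constructed for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains the recipient really does business with.
TRUSTED = {"citibank.com", "ebay.com"}
# Assumption: a small table of look-alike character swaps (1 for i, 0 for o, ...).
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s", "l": "i"})

def skeleton(name):
    """Fold commonly swapped characters so c1tibank.com and citibank.com match."""
    return name.translate(SWAPS)

def edit_distance(a, b):
    """Levenshtein distance, to catch one-character typos the swap table misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'ip-literal', 'trusted', 'look-alike:<domain>' or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)          # raises ValueError for a host name
        return "ip-literal"
    except ValueError:
        pass
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return "look-alike:" + good
    return "unknown"

# Constructed sample links, as they might appear in an "update your account" e-mail.
SAMPLE_LINKS = [
    "https://www.citibank.com/",
    "http://www.c1tibank.com/update",
    "http://192.0.2.10/login",
    "http://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):26} {link}")
```

The check only inspects the link target; it says nothing about a spoofed sender address or an address bar exploit, which need other controls.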
 cvrefugeePremium join:2003-09-15 Corona, CA kudos:7 | I knew what it was, but I remember this piece of news. |
|
 jaykaykay4 Ever YoungPremium,MVM join:2000-04-13 Scottsdale, AZ kudos:19 | Actually, what the others are trying to tell you is that this little tool is a good one to help eliminate a problem and is a good security device. |
|
 calvoiper join:2003-03-31 Belvedere Tiburon, CA | reply to Jason Levine I have an anti-phishing device.
It's a sign on the wall that says "Don't be stupid and respond to unsolicited requests for information."
It works pretty well for me.
Calvoiper -- VoIP--the death knell of remaining voice monopolies! |
|
 click_310Eat my shorts join:2002-12-06 Savannah, GA | said by calvoiper:
"I have an anti-phishing device. It's a sign on the wall that says "Don't be stupid and respond to unsolicited requests for information." It works pretty well for me. Calvoiper"
Please send a copy to my Mother-in-law |
|
 keith2468Premium,MVM join:2001-02-03 Winnipeg, MB 1 edit | reply to calvoiper An intelligent sign to have on the wall.
But phishing works by seeming to be solicited.
Phishing pretty much always involves widely used companies so that there is a high likelihood that some phishmail recipients will not be surprised to receive the email.
Say you deal with, say, Wells Fargo Bank, and you do banking transactions over the internet.
Say you get an email from Wells Fargo Bank. That email seems to be solicited. The Phisher spoofs the return email address, which as you may know is not hard to do, so that you think the email is from a company you normally get email from.
The second twist is that phishing emails often have perfect business English (unlike most virus emails). They usually have the same phrasing that a bank or ISP or whatever company would use. One tip-off about phishing email is that the phisher usually doesn't know your full name and address or account number. So if the usual personal details are missing, suspect phishing. And always report suspected phishing using the procedures in the FAQ linked at the bottom.
So you click on the link in the email, go to a familiar looking website, and see actual real Wells Fargo graphics all over it.
And that is the third twist. Because web pages are downloaded to browsers for display, the legitimate web page contents are available to phishers for copying. Phishers can make exact copies of the real pages and the real graphics on the real pages.
The final phishing trick is to send you to part of the legitimate company website after you give up your information (usually credit card number, account name, password, whatever).
That way, they get your info, and you enter the regular website, and there is nothing to tip you off that you've been scammed -- until your credit card goes over limit, or your ISP suspends your account for spamming.
Here is the BBR FAQ on phishing: »Security »Scam Email: What is Phishing? What do I do about it?
There is a link to actual pictures of phishing emails and websites. You can see how realistic they are. The pictures have notations on any tip-off clues. »www.antiphishing.org/phishing_archive.html -- (Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) |
|