Phishing

In computing, phishing (also known as carding and spoofing) is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message, such as an email or an instant message. It is a form of a social engineering attack. The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data.

With the growing number of phishing incidents reported to the Anti-Phishing Working Group, additional methods of protection have been needed. As a result of this danger, to both the business and home user communities, there have been several different attempts to decrease the problem. These attempts include legislation, user training, and the creation of various types of software.

Phishing: Brief History

The first mention of phishing is on the alt.2600 hacker newsgroup in January 1996; however, the term may have appeared even earlier in the printed edition of the hacker newsletter "2600 Magazine". The term phishing was coined by some crackers attempting to steal accounts from unsuspecting AOL members. The cracker posed as an AOL staff member, sending an instant message to a potential victim, asking the victim to reveal his or her password. In order to lure the victim into giving up sensitive information, the message might include the text "verify your account" or "confirm billing information". Once the victim submitted his or her password, the attacker then accessed the victim's account and used it for various criminal purposes, such as spamming. "Ph" is a common hacker replacement for "f", and is a nod to an older form of hacking known as "phone phreaking"; since the technique is used to fish for information, it became known as phishing.

Damage Caused by Phishing

The damage caused by phishing ranges from a user not able to access their email to losing all the money in their bank account. This style of identity theft is becoming more popular, because unsuspecting people are divulging personal information to phishers, including credit card numbers and social security numbers. All phishers need to do is to obtain a user's personal information from one of their phishing attacks. Once this information is acquired, the phishers can use a person's private information anyway they desire. They can create fake accounts in a victim's name, ruin a victim's credit, they can even prevent victims from accessing their own accounts that were phished.

This article is adapted from: wikiPedia.com.