Hook, Line, and Sinker
Jonathan King
Issue date: 9/26/07 Section: Opinion
"Valued eBay member, according to our site policy you will have to confirm that you are the real owner of the eBay account by completing the following form or else your account will be suspended within 24 hours for investigations." "Dear Washington Mutual customer, we recently reviewed your account, and we suspect an unauthorized ATM and/or PIN-based point of sale transaction on your account." "Sir/Madam, we are pleased to inform you of the result of the Lottery Winners International programs."
Do any of these sound familiar? Like most email users, you have probably been the target of a phishing scheme at some point or another. A phishing attack is designed to utilize social engineering and technical deception to lure people into divulging personal and financial information such as social security numbers, credit card numbers, usernames, and passwords.
Most methods of phishing deceive a user by presenting a link that is designed to appear legitimate, but redirects the user to a fake website. To mask the deception further, some phishing scams alter the address bar using JavaScript commands. Other schemes include planting malicious software (malware) such as viruses, worms, and Trojans, on a user's computer to steal information. This is often done by programs used to record keystrokes or capture data inputs on a screen.
Recently, there has been an increased number of phishing attacks targeting customers of banking institutions and on-line payment services such as PayPal. Social networking sites such as MySpace are also a target of phishing scams since personal information on such sites can often be easily obtained. Generally, email and instant messenger are the most common media for phishing scams. However, the use of a fake website is not required. Phone phishing is also a viable method for potential attackers. An attacker can leave a message claiming to represent a bank and ask the user to dial a specific phone number regarding a problem with their account. Using a Voice over IP service, the attacker can prompt the user to enter an account and PIN number. Furthermore, a phone phishing scheme will use fabricated caller-ID data to pretend to be a legitimate organization.