What is phishing?
>> Sunday, September 06, 2009
So, what is phishing? In a nutshell, phishing is the act of stealing one’s personal information by pretending to be a legitimate and trustworthy entity. Most commonly the target websites are E-Mail services and E-Commerce websites. According to www.phishtank.com, in the month of December, 2008 the top targets for phishing attacks were:| Top 10 Identified Targets | Valid Phishes | |
|---|---|---|
| 1 | JPMorgan Chase and Co. | 12,110 |
| 2 | PayPal | 7,369 |
| 3 | eBay, Inc. | 262 |
| 4 | Bank of America Corporation | 212 |
| 5 | Sulake Corporation | 199 |
| 6 | 169 | |
| 7 | Poste Italiane | 163 |
| 8 | Internal Revenue Service | 142 |
| 9 | Capital One | 128 |
| 10 | Wells Fargo | 73 |
Phishing attacks are most commonly executed through E-Mails. The E-Mails look like they come from trusted sources and ask for personal information like usernames, passwords, credit card numbers, and social security numbers.
To avoid falling for phishing attacks, never go to important websites through links in E-Mails. Also, when logging into a website like Yahoo.com, look at the site URL and make sure it says www.yahoo.com or a subdomain like login.yahoo.com. If it doesn’t, you know that it is a fake. For more information on avoiding phishing scams see antiphishing.org.
To learn how phishing sites are created and executed, see the Hacker’s Underground Handbook.
