|
What is phishing, Pharming, and Spoofing?
Phishing
(pronounced "Fishing") attacks use both social engineering and technical subterfuge to
steal consumers' personal identity data and financial account credentials.
Social-engineering schemes use 'spoofed' (fake) e-mails to lead consumers to
counterfeit websites designed to trick recipients into divulging financial data
such as credit card numbers, account usernames, passwords and social security
numbers. Hijacking brand names of banks, e-retailers and credit card companies,
phishers often convince recipients to respond. Technical subterfuge schemes
plant crimeware onto PCs to steal credentials directly, often using
Trojan keylogger spyware. Pharming (pronounced "Farming") crimeware misdirects users to
fraudulent sites or proxy servers, typically through DNS hijacking or poisoning. Phishing schemes can be carried out in person or over the
phone, and are delivered online through spam e-mail or pop-up windows.
How does phishing work?
A phishing scam sent by e-mail may start with con artists who send millions of
e-mail messages that appear to come from popular Web sites or sites that you
trust, like your bank or credit card company. The e-mail messages, pop-up
windows, and the Web sites they link to appear official enough that they deceive
many people into believing that they are legitimate. Unsuspecting people too
often respond to these requests for their credit card numbers, passwords,
account information, or other personal data.
What does a phishing scam look like?
As scam artists become more sophisticated, so do their phishing e-mail messages
and pop-up windows. They often include official-looking logos from real
organizations and other identifying information taken directly from legitimate
Web sites.
Click
here to see an example of what a phishing scam e-mail message might look like.
To make these phishing e-mail messages look even more
legitimate, the scam artists may place a link in them that appears to go to the
legitimate Web site (1), but it actually takes you to a phony scam site (2) or
possibly a pop-up window that looks exactly like the official site. These
copycat sites are also called "spoofed" Web sites. Once you're at one
of these spoofed sites, you might unwittingly send personal information to the
con artists. They then often use your information to purchase goods, apply for a
new credit card, or otherwise steal your identity.
|
|
