If you are visiting this website for the first time, thanks for checking us out! Please explore the site and in particular look back at the last few blog postings we have created. We have been looking into the dark world of “Chasing Gremlins”, CSI Onsite’s term for troubleshooting viruses, malware, worms, etc.
Phishing is the term used in the IT industry to describe the methods used to discover and record information by masquerading as a trustworthy source through electronic communication. The “phisher” will attempt to find your passwords, usernames and, of course, credit card information if at all possible.
The “phisher” will send communications pretending to be from online payment processors, social web sites, and sales/auction sites to lure unsuspecting computer users. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose overall appearance very, very closely resembles the original, legitimate one. They go to great pains to make the fake site almost identical to the real site…sneaky little weasels!
How Phishing is done:
Phishers target customers of financial institutions such as online payment services and banks. E-mails, purportedly from the IRS, have been used to gain sensitive data from taxpayers. The first examples of phishing seemed to be sent out in more of a probing, recon fashion. It is believed that the purpose was to determine which banks potential victims use, and then design and target the e-mails accordingly.
Social networking sites have become a prime target for phishing. This is because the amount of personal information contained on such sites greatly increases the success of identity theft. In 2006 a computer worm took over pages on MySpace and altered links to direct users to websites designed to steal login details. Research shows phishing attacks on social networks are especially successful, with a success rate of over 70%.
There are anti-phishing websites that offer to keep you abreast of the latest phishing scams, such as FraudWatch International and Millersmiles. Most of us at CSI Onsite are naturally suspicious of email we receive from unfamiliar sources. Some have called us paranoid, but when you have to clean out as many computers as we have, the caution is warranted. And ya know, just because you’re paranoid doesn’t mean they aren’t out to get you.
Clone Phishing: A legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create a cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.
Phishing: Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Phone phishing: Still electronic, but not using a fraudulent email. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts.
Spear Phishing: Targeted versions of phishing have been termed spear phishing.
Whaling: Targeting senior executives & high profile targets within corporations.
Link manipulation: Technical deception designed to make a link in an e-mail (and the website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by phishers.
Filter evasion: Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.
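To show what the link manipulation tricks above look like to a mail filter, here is an added example (not CSI Onsite's own code) that audits the links in an e-mail body for a trusted brand used as a sub domain, a near-miss spelling, and visible text that names a different site than the real target. The brand `examplebank.com`, the sample e-mail, the 0.85 similarity threshold and the function names are all assumptions made for the illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com"}  # constructed brand domain (assumption)
SAMPLE = (                     # constructed e-mail body, not real traffic
    '<a href="http://examplebank.com.account-verify.test/login">www.examplebank.com</a>'
    '<a href="https://examp1ebank.com/">Log in</a>'
    '<a href="https://www.examplebank.com/help">Help</a>')

def registrable(host):
    # Naive last-two-labels rule; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_host(host):
    reg = registrable(host)
    if reg in TRUSTED:
        return "ok"
    for brand in TRUSTED:
        if brand in host.lower():  # brand appears only as a sub domain of another site
            return "brand-in-subdomain"
        if difflib.SequenceMatcher(None, reg, brand).ratio() >= 0.85:
            return "misspelled-lookalike"  # near-miss spelling of the brand
    return "unknown"

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:  # collect the text the reader actually sees
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            target = urlsplit(self.href).hostname or ""
            text = self.text.strip()
            shown = urlsplit(text if "//" in text else "//" + text).hostname or ""
            # Visible text looks like a host name but names a different site
            mismatch = "." in shown and registrable(shown) != registrable(target)
            self.findings.append((target, classify_host(target), mismatch))
            self.href = None

def audit(html):
    """Return (target_host, verdict, text_mismatch) for every link in html."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE)` flags the first link as a brand-in-subdomain trick with mismatched link text, the second as a misspelled lookalike, and passes the third.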
The greatest weapon against phishing is one word: Education. Of course there are different techniques to combat phishing and most internet browsers come with anti-phishing software.
Here are a few simple tips to follow:
- Modify your browsing habits
- Look for legitimate information that only your financial institution would have access to
- Pay attention to little details in emails (URLs, hyperlinks, etc.)
- Protect & periodically change passwords
- Work with a trusted, professional IT technician to create anti-phishing protocols (specifically in a corporate environment)
If you would like to speak with one of our well groomed and highly trained technicians to discuss the dangers of phishing and develop a plan for protection for you and your company, send us an email, leave a comment, or give us a call.
Have a fantastic, phish-free day.