Phishing: What Is it and How to

Phishing: What is it and how to prevent it? 'Phishing' messages have grown increasingly common online. Phishing is a scam technique used to solicit user's credit card information, social security numbers, and other vital data. "Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organizations. The notification will try to encourage a recipient, for one reason or another, to urgently enter/update their personal data. Such excuses usually relate to loss of data, system breakdown, etc." (What is phishing, 2012, Secure List).

These messages may be sent in a general fashion or to a target base of users. It is not unusual to get a phishing message from, say, Bank of America, even though the recipient has no Bank of America account. The hope is that users who do use BoA will mistake the message for a real notification, open the email, and follow the instructions.

Scare techniques prompt the user to enter their data: "if you do not provide your personal data by the end of the week, your account will be blocked" (What is phishing, 2012, Secure List). "Some phishing emails will deliberately misspell key words to bypass SPAM filters, which most people would not recognize when quickly glancing at the subject line" (Phishing email scams, 2012, Fraud Watch International). Phishers often use photoshopping or other forms of technology to make their correspondence look 'official,' which can catch casual readers off-guard.

While the wording and the visuals may be questionable, this may go unnoticed on a first glance. But "the 'quality' of phishing messages is usually very high. A fake site will generally look exactly like the original so that a user will not suspect anything is wrong when they enter their user name and password to access the site" (What is phishing, 2012, Secure List).

The fact that 'multitasking' is so common when users are online also is conducive to phishing, as a user may not think twice about why the bank he or she patronized yesterday suddenly claims there is a problem with a transaction and needs his or her security code or ATM number. Phishers do not always use the data themselves; they may sell the information to third parties to reduce the risk of getting caught.

Because anti-phishing software quickly catches and blocks most phishing sites, phishers must continually set up new websites to run their schemes. Of course, "sometimes a user is required to enter their confidential data on the same page as the message itself. Everyone should be alert to the fact that no legitimate bank or other similar organization would ever ask a user to do this" (What is phishing, 2012, Secure List).

Other phishing emails are more sophisticated and use disguised hyperlinks: the reader clicks to a link that looks legitimate, but a fraudulent site is hidden in the actual email (Phishing email scams, 2012, Fraud Watch International). Fraudulent phishing websites "utilize copied images, text and in some cases simply mirror the legitimate web site" (Phishing website methods, 2012, Fraud Watch Intern). They may have a URL very similar to the original website or create a false address bar that hides the website's true address. To.