Phishing

DEFINITION

Phishing is any attempt, via phone, email, instant messaging (IM), or fax, to procure your personally identifiable information with the intent of stealing your identity (and, ultimately, your money). Most of these attempts are made in the guise of a legitimate purpose; in other words, they appear to be valid, yet are in fact a criminal enterprise. A typical electronic phishing attack comprises two components: an authentic-looking email and a fraudulent web page. This makes phishing a particularly insidious and damaging activity, because its perpetrators are adept at appealing to a victim's sense of legitimacy. HTML-based emails often include company logos, colors, graphics, font styles, and other elements, and cover topics such as account problems, account verifications, security upgrades, and new product or service offerings. Web links included in these emails almost always possess the look and feel of the legitimate sites they copy, making the fraud almost impossible to detect.
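The definition above turns on one detail: the links in a phishing email look like the legitimate site but lead elsewhere. The script below is an added illustration (not code from this page or from Trend Micro) of how a mail filter can surface that indicator. It parses the anchors in an HTML message and flags links whose visible text names one host while the href points to another, hosts that embed a trusted brand name under a foreign domain, bare-IP targets, and plain-http targets. The trusted-domain list, the sample message, and the simplified "last two labels" domain rule are constructed assumptions for the demonstration.

```python
"""Flag phishing-link indicators in an HTML email body.

Added example, not code from the original page or from Trend Micro.
Everything below (trusted domains, sample message, the crude domain
rule) is a constructed assumption for the demonstration.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the recipient genuinely holds accounts with.
TRUSTED_DOMAINS = {"mybank.com", "example-auction.com"}

# Something that looks like a URL or host name inside the visible link text.
HOSTLIKE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def _registrable(host: str) -> str:
    """Last two labels as a stand-in for the registrable domain.
    Assumption: no multi-label public suffixes (e.g. co.uk) in the data."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def analyze_links(html: str, trusted=TRUSTED_DOMAINS):
    """Return [(href, [reasons, ...])] for every link that trips an indicator."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        reasons = []
        if _is_ip(host):
            reasons.append("link target is a bare IP address")
            target = host
        else:
            target = _registrable(host)
            # A trusted brand name appearing inside a domain the brand does not own.
            for dom in trusted:
                brand = dom.split(".")[0]
                if target != dom and brand in host:
                    reasons.append(f"host {host} imitates {dom}")
        # Visible text claims one host, the href goes to another.
        m = HOSTLIKE.search(text)
        if m and _registrable(m.group(1)) != target:
            reasons.append(f"text shows {m.group(1)} but link goes to {host}")
        if parsed.scheme == "http":
            reasons.append("unencrypted http target")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample message in the style of an "account limited" lure.
SAMPLE_EMAIL = """<html><body>
<p>Dear customer, your account has been limited pending verification.</p>
<p>Sign in at <a href="http://mybank.com.account-verify.example/login">www.mybank.com</a> to restore access.</p>
<p>Or use our secure portal: <a href="https://198.51.100.7/secure">https://www.mybank.com/secure</a></p>
<p>Questions? Visit <a href="https://www.mybank.com/help">our help center</a>.</p>
</body></html>"""

if __name__ == "__main__":
    for href, reasons in analyze_links(SAMPLE_EMAIL):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed sample, the first two links are reported (three indicators on the first, two on the second) and the genuine help-center link passes. The brand-in-host rule is deliberately loose; in production it would sit behind a proper public-suffix list and an allow-list of the brand's real subdomains, otherwise it flags legitimate hosts.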

Pharming is similar to phishing. Instead of directly soliciting personal information, however, pharming hijacks legitimate URLs (such as "www.mybank.com") and redirects them, via the domain name server (DNS), to fraudulent IP addresses hosting sites that look like the originals. These spoofed sites then collect, through a graphical user interface, your personal information without your ever noticing the difference. Because pharming requires a much higher degree of technical acuity to perform, and because the DNS is very difficult to manipulate, it is far less common than phishing. It is still possible, however, that pharming will become an increasing threat in the near future.

HOW TO TELL IF YOU'VE BEEN TARGETED BY A PHISHING OR PHARMING ATTACK

In this day and age, any request for confidential information should be considered suspect. No legitimate business-including banks, credit card companies, online auction sites, frequent flier programs, and the like-uses email to request or verify personal information. In addition, unless you have initiated a phone conversation in which such information is requested, you should assume the request is fraudulent.

HOW TO PROTECT YOUR PCS AND MOBILE DEVICES FROM PHISHING AND PHARMING

  • Be skeptical. Do not rely on your personal discernment to distinguish between legitimate and unlawful requests for confidential information. Phishers and pharmers are sophisticated criminals who are well versed in defrauding even the most savvy end-users.
  • Never surrender personal information to an individual or business you don’t know—especially if you did not initiate the communication.
  • Delete any email that requests confidential information. If you believe the request is legitimate, use an established phone number to verify the request; only then should you share the information over the phone.
  • Purchase and install anti-phishing and anti-pharming software. Trend Micro offers the following anti-phishing and anti-pharming solutions for individual users:
  • Keep all email and IM security patches up to date.
  • Check with your Internet Service Provider (ISP) to see what level of protection is provided against phishing and pharming.

OTHER RESOURCES
