Malicious or misleading e-mails sent with the intent to harvest personal information, including passwords, credit cards and personal details.
The act of soliciting or encouraging people to divulge personal information to be sold or used to gain unauthorized access to online systems with the purpose of committing a crime (theft, fraud, etc.).
Evidence shows that there is a thriving black market for personal information. Almost anything that can be stolen can be sold to somebody. This includes:
How is this information stolen? By crafting e-mails that look like they came from a trusted site (your bank, a popular website, etc.) that lead you to divulge personal information.
Phishing is a major crime. Estimates are that phishing attacks cost the United States alone more than $1 billion per year.
Phishing attacks can be categorized by the type of information they attempt to harvest:
Personal Information is acquired by e-mails offering low interest loans with no credit checks, unsolicited job offers, etc. Upon success, the scammer has your personal details which can be used to commit identity theft.
Account Information is harvested using e-mails that ask you to verify your credentials, change your password, update your account, re-activate your account or log in to get a private message. The successful attacker acquires your credentials and can access a web site as you, move money from your bank account or spam people using popular online e-mail services.
Taking Over Your Computer. Phishing attacks can start by tricking you into downloading malware onto your computer (by forging web links to popular sites). Once malware is installed on your computer, the computer can be scanned for personal information (e.g., account passwords and links stored in web browsers), which is then stolen. Malware can also redirect your browser to phishing web sites that masquerade as legitimate sites to steal your information.
Yes... within limits. We've all seen poorly crafted e-mails that are obviously bogus. Messages like:
These are easy to spot and ignore.
Not so easy to spot are high quality, sophisticated phishing attacks that spoof trusted web properties. Technically savvy criminals send out e-mails that look like (and often include elements of) legitimate e-mails from banks, PayPal, eBay, Facebook and other online properties.
How do you protect yourself from high quality forged e-mail? One way is to inspect the message thoroughly. Here are some tips:
The problem is, not everyone has the time or is technically sophisticated enough to correctly detect and avoid phishing messages with a 99+% accuracy. Even if you are, it takes time to conduct these reasonableness tests on each message. It is better to rely on a quality spam filter to do the job for you.
The best protection against Phishing is to have your spam filter eliminate phishing e-mails as soon as they are received. If phishing messages never make it into your in-basket, then you can't be tricked.
Here are just some of the things that PerfectMail does to keep you protected:
The result? PerfectMail keeps you and your team safe from the risks and costs of phishing e-mails. It correctly blocks these threats while ensuring that legitimate messages from popular web properties and financial institutions are handled correctly.
Phishing is a very real threat - thousands of people each year are victimized by phishing. With the right approach and the right tools, this doesn't have to include you.
-- Larry Karnis