Phishing Is On The Rise, What Is Phishing Anyway?

How much personal information do we give away without even realising it?

We give information out all the time, often without realising it, and when we aren’t giving it away someone somewhere is probably losing it (but that’s another story!). For example, how many times have you used a telephone number, post code, or car registration number as part of a username or password? What about the information you may have put into social media networks or information you might have inadvertently given away in uploaded photographs?

Some of the everyday information we give away may not be too much of a worry to us but what about passwords and usernames for our online banking or credit card service? Even worse – what about our pin number and security code on our banking cards? Using the same password for multiple online services can also put us at risk if a fraudster should get hold of our information.

The act of phishing is the attempt to gain information about us that can be used fraudulently, and it is an activity that appears to be on the rise (Source: Gartner, 2009). The next time you get an email allegedly from your bank, or from a delivery carrier, or the tax office, think twice about clicking on any link.

Often, the very act of clicking a link, contained within a scam email, can alert attackers to the fact that the email address they have targeted has a real person at the other end.

Many phishing attacks arrive in electronic mail and contain a link which takes you to a website which is often a copy of the visual style of the expected service provider. The site asks you to enter personal information to “log in” or “authenticate” and behinds the scenes this information is forwarded to the attackers. Unfortunately, it’s very easy to setup a website for malicious use and it’s usually very low cost to get started which makes it a tempting proposition to those seeking to make money out of you. It used to be quite easy to spot a phishing site due to grammatical errors, spelling mistakes, or poor graphics and layout, however it is sadly becoming more difficult to tell the fake sites from the real ones.

On the rise for phishing attacks are mobile devices (Source: Mobile World Congress: mobile spam starting to cause problems), social networks, micro-blogging services (such as Twitter), and malicious code embedded in infiltrated websites – so phishing is spreading out of the realms of email alone.

If you consider that over 100 billion SPAM messages are sent every day, it only takes a tiny percentage to earn scammers small fortunes which makes it an even more tempting proposition for them. Remember, whenever there is a time sensitive issue (tax return, emergency aid), there may be a phishing attack so remain vigilant with your communications.

Further Reading

• San Francisco Chronicle: New phishing scams attack with precision
• eWeek: Phishers Making A Bid With Auction Marketing Tools
• BBC News: Warning over tax return deadline e-mail ‘phishing’ scam
• BBC News: Phishing attack nets 3 million euros of carbon permits
• Computeractive: Phone phishing attacks on the increase
• Computer Weekly: HMRC issues ‘tax refund’ phishing e-mail alert
• CNN: Reports: Phishing attack hits Twitter
• Infosecurity Magazine: Adult phishing migrating to social networking sites says Symantec
• ComputerWorld UK: Haiti earthquake spurs resurgence of Nigerian 419 spam
• Tech Digest: Spam attacks already begin to flood Google Buzz
• IDG: Cybercriminals exploit Haiti tragedy with malicious attacks
• Daily Mirror: Are you a fish in the Cyber Sea?? Be Aware! Phishers are here!