Thursday, October 15, 2009

Phishing : An Introduction

In this post, I will explain what is phishing and what are it's symptoms. In next few posts, I will explain phishing in deep.

In simple words, phishing refers to steal of some one's personal information like e mail id and password, credit
card details, security index etc. First 'phishing' technique is explained in 1987 and first phishing crime is recorded in 1995, January 2.

Definition of Phishing :
“Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords. "
Earlier, phishing crimes are mostly related to AOL which are related with 'Warez' community. This community is mostly connected with distribution of pirated softaware. In later days phishing crimes are diverts to financial institutes and credit card fraud are becoming phishers favourites.
But today 'social networking sites are' favourite target of phishers which results in the 'identity theft'. Some download sites like Rapidshare are soft target phishers in which premium account password and id are hacked.

How does Phishing took Place :
Phishing does not require that a phisher is a expert but an intelligent (evil brain) with little knowledge about emails, HTML and websites can easily 'Phish' the people. Today, Phishing is mostly by two ways :

1) Phishing by e fake mails :
2) phishing by fake web sites :


In most of the cases, both e mail and web site phishing are used altogether.

1) Some Scenarios :
1) Sometimes, when you open your inbox, you find out that there is a e mail from a reputed company or organisation or bank. e mail describe that respective organisation is chose you as winner of their contest or something else and you will won a plasma TV or something like that. For that purpose, they asked you to call you on a phone line. When you call they asked you to submit your credit card detail to further processing. You are excited and submit it. And and After some days,your account has zero balance and that organisation did not arrange any such contest.
2) In another way, A e mail in your inbox claiming that it is from a financial institute in which you have account. e mail asked you to submit your account id and password because that organisation facing some problems like data loss. The e mail further said that if you does not submit your details, your account will be destroyed. You got frustrated and immediately submitted your details and became victim of phishing.
3)Some, e mail sent you a link which claims that it is official site of a reputed organisation. But, that web site is owned by phishers and has same look and feel like official web site and little spelling difference in official URL. For example Fake Microsoft website may have URLs like :
www.mircosoft.com;
www.helpatmicrosoft.com;
www.micosoft.com
You entered your personal details on fake web site and it is immediately available to phishers.
In next few posts, I will explain phishing and their remedies in detail.