Phishing Basics

Phishing is the use of instant messengers or emails to retrieve private information fraudulently. Many of today’s common phishing scams involve a criminal using the name of a popular social networking, email, or auction site to convince internet users to supply sensitive information about themselves.

A Brief History of Phishing

There is some discrepancy about the first use of the word “phishing,” but it likely occurred in a Usenet post on January 2, 1996. Phishing techniques, however, had been described as early as 1987 without using the word.

Early phishing attempts commonly involved individuals posing as AOL representatives to gather information about this company’s subscribers. Phishers would send emails or instant messages directing subscribers to verify their account or confirm their billing information. AOL quickly improved their security measures to prevent their customers from falling prey to phishing schemes.

Problems Created by Phishing

Individuals who respond to phishing requests provide criminals with sensitive information. Sometimes this information just involves their email passwords, which allows the phisher to use this address to send spam. At other times, though, the consequences are much more serious. Phishing scams that use the names of online auction sites, banks, or credit card companies can gain access to financial information that allows them to steal money and apply for lines of credit fraudulently. This can cause financial distress for victims of phishing scams by damaging their credit reports and spending their money.

How Today’s Phishing Schemes Work

One of the best ways to protect yourself from scams is to learn some basics about phishing techniques. Most phishing schemes involving sending hundreds or thousands of fraudulent messages to potential victims. The criminals know that sending out large numbers of messages increases the chances that someone will respond to their request.

Phishing Techniques with Fraudulent Designs and Email Addresses

Most of today’s phishing schemes involve using the names and logos of web sites that people trust. A phisher might, for instance, send an email that uses the Facebook logo to convince social networking clients that the message is legitimate. The phisher might even send the message from an email address that incorporates the name of the social networking site. For instance, when imitating a Facebook representative, a phisher might send messages from an address such as request@facebookservice.com. This convinces some individuals that messages come from legitimate sources.

Phishing Schemes that Use Imperative Statements

Many of the phishing schemes also use imperative statements to convince individuals that they must respond immediately. For instance, someone with a PayPal account might get an email stating that they must respond with their log-in and password information immediately or their account will be disabled. Since the person does not want to lose access to the account, he or she responds with the private information.

Avoiding Phishing Scams

The best way to avoid phishing scams is to protect your private information. Few legitimate companies will contact their customers about providing log-in or password information. If you receive an email that you believe is legitimate, then you should contact the company’s customer service department through their website. Start by entering the legitimate website address into your browser, or use a bookmarked page to reach the site. Do not simply reply to the email or click a link in an email in attempt to verify its legitimacy because the response could come from the criminal rather than the company.