A Criminal in Your Computer: The Foul Art of Phishing
Phishing. What is it…and would you know it if you saw it? You may think so–but watch out: today’s phishing techniques are more sneaky than ever. Here’s the quick-and-dirty on how computer criminals are faking their way into bank accounts just like yours (and what you can do about it).
Fishy Business
Phishing involves posing as a trusted entity, such as a well-known bank or credit card company, in an effort to obtain a password or other account information from an unsuspecting victim. (The word is a combination of “fishing”–casting out for and reeling in information–and “phreaking,” or hacking via networked communications, a word made popular in the 1980s.)
Currently more than 15 years into its fraud-based history, phishing remains a top source of income for thieves looking to get their hands on your money. And surprise–though you may think you’d be able to spot a fake a mile away, computer-savvy individuals and even companies have been fooled by expert phishers. In fact, in excess of three million internet users in the U.S. were duped to the tune of $3.6 billion in the 12 months ended August 2007, according to data.
Hook, Line and Sinker
Phishing made its rather unsavory debut in the late 1980s and officially received its name in the ’90s. During this time period the internet-using public fell victim to a series of phishing activities via AOL. Fledgling phishers posing as AOL workers sent so-called “account verification” e-mails en masse to account holders still relatively new to the world of online communications. The fraudulent e-mails, and their wording, became more and more savvy until AOL cracked down, notifying all its users that “AOL will never request your password or billing information”.
Rather than being deterred by these measures, computer criminals moved on to posing as various financial institutions. Today, banks, credit card companies and other companies that perform online transactions are a phisher’s paradise. Using more and more sophisticated software, criminals engaged in phishing are so good at imitating other companies that customers have even been fooled into thinking they were being contacted by the IRS.
How It’s Done
So how exactly do “phishers” get away with it? In general, fraudulent e-mails get their legitimate look via a form of link manipulation in which a link in the fraudulent e-mail appears to point to a legitimate source. Phishing e-mails often contain a salutation such as “Dear Accountholder” or “Dear Cardholder” in the subject line. A fair number of e-mail recipients are bound to have accounts with, or at least have dealt with, the impersonated organization in the past, and the rest will typically trash the e-mail, making phishing low risk for the criminal for long enough to get hold of the goods…and run.
There’s an even more insidious factor at work here: those with a knack for hacking often sell their services on the sly, creating and distributing the slick software phishers need. Unfortunately, this computer savviness also makes the disreputable software creators hard to catch.
What You Can Do
When it comes to online fraud, both the government and big business are on your side: in 2004, the Federal Trade Commission (FTC) in the U.S. and 26 regulatory organizations abroad launched “Secure Your Server,” a campaign designed to help stem the flow of bogus e-mails. Since then, both the government and the private sector have initiated a number of lawsuits against suspected scammers.
While law officials work to better identify and prosecute online criminals, you can do your part to protect your accounts by keeping the following in mind:
- Never open an e-mail from a financial institution you don’t know. Your best bet is to delete the e-mail without opening it.
- If you accidentally open an e-mail from such an institution, do not click on any links. This is vitally important. Instead, back up and delete the entire e-mail.
- If you receive an e-mail from an institution you do business with and there are requests for any type of identifying or account information, place a phone call to the company and read the e-mail to a representative to verify its authenticity.
These measures won’t guarantee that you’ll never be the victim of online fraud, but they will significantly reduce the chances of it happening. Keep alert to possible phishing and other online fraud schemes and you can be part of the solution rather than the unwilling recipient of the problem.


