In this article:
- What is Phishing
- History of Phishing
- How to tell if you have a phishing mail
What is Phishing
Phishing is a type of criminal activity that uses social engineering techniques to acquire a victim's sensitive information. People who engage in phishing are called phishers. They often try to obtain information such as passwords or credit card details by posing as a trustworthy person or business. Essentially, phishing is done over the internet using e-mail or instant messaging. Phishing is an illegal activity and is often dealt with seriously through legislation. A phisher who is caught and proven guilty faces a huge fine and imprisonment.
History of phishing
Phishing came to the front somewhere around 1996. Phishing as a term has been derived by combining password and harvesting. Phishing started on AOL for getting access to AOL accounts. The reason the phishers started doing this kind of work was that in 1995, AOL brought corrective measures to prevent such people from using algorithmically generated credit card numbers to open an account with AOL. It was this that made them search for ways to go into legitimate AOL accounts and that was when phishing developed.
Phishing on AOL was closely tied to the warez community, which exchanged pirated software titles. The cracker would often pose as an AOL employee and send e-mails or instant messages to a victim. The victim was lured into giving up the password for his AOL account. This was done by adding text to the message that read something like “Verify your account” or “Confirm billing information”. Once the phisher had a victim's password, he could easily use the person’s account for all sorts of illegal activity such as spamming. Fed up with the phishing going on, AOL added a message to all Instant Messages that read – “No one from AOL would ever ask you your account information or password through e-mail or IM.” The same message is used today by companies including PayPal.
Phishing came to an end on AOL in 1997 when AOL started closing accounts of phishers promptly even before a victim could respond.
Recently, however, phishing has begun moving towards more serious fraud and is directed at bank websites and other online payment services such as PayPal. Even taxpayers in the US have been phished to reveal sensitive data. When this trend began, phishing mails were sent at random in the hope of reaching a bank's real customer. Most of the time, however, this did not lead to any success for the phisher. Since then, phishers have been able to pinpoint real customers of a bank or service and have sent mails to them. Such mails are often called spoofed mails.
How to tell if you have a phishing mail
There are certain things in a phishing mail that give away the fact that it is spoofed. Here are some of these identifiers:
- Spelling mistakes
Spoofed mails often contain serious spelling mistakes which one would not expect from a professional service. For example, the bank’s name may be spelt wrong in a particular place, or certain other words may be spelt wrongly. An example is “choise” for “choice”.
- Images
Spoofed e-mail often contains images that are not real such as the sign of a bank. This is so because the phisher has tried to reproduce it using some software and hence an exact replica is sometimes not possible. Such a mistake can be confirmed by a close examination and comparison of the image in the mail and the real mail.
- E-Mail Headers
E-mail headers are another way to tell if a mail is spoofed. E-mail headers show where the e-mail originated, hence revealing the identity of the phisher.
- Link addresses and IPs
Such e-mails often contain links to websites where one needs to enter his password in order to “verify his account”. A closer look at such links (called hyperlinks) would show that they point to strange websites with addresses that read something like http://72.68.34.76/verify. If the mail were from the bank, the website name would have been that of the bank.
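The header and link checks described above can be automated. The following Python sketch is an added example, not part of the original article: the sample message is constructed, and `example-bank.test`, the other `.test` hosts and the function names are assumptions made for illustration.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message (not a real phishing mail). The first link reuses
# the address form quoted in the article; example-bank.test is a placeholder.
SAMPLE = """\
Received: from mail.unknown-host.test (unknown [203.0.113.9])
    by mx.recipient.test; Mon, 01 Jan 2024 10:00:00 +0000
From: "Example Bank" <support@example-bank.test>
To: customer@recipient.test
Subject: Verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear customer, please <a href="http://72.68.34.76/verify">verify your account</a>.</p>
<p>Our site: <a href="https://www.example-bank.test/help">help</a></p>
"""

HREF = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

def is_ip_literal(host):
    """True when the link host is a bare IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def review_message(raw, expected_domain):
    """Return (suspicious links, earliest Received hop) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    findings = []
    for url in HREF.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if is_ip_literal(host):
            findings.append((url, "link points to a raw IP address"))
        elif host != expected_domain and not host.endswith("." + expected_domain):
            findings.append((url, "link host is not the expected domain"))
    # Each relay prepends its own Received header, so the last one in the
    # message is the earliest recorded hop. The From header is sender-supplied.
    received = msg.get_all("Received", [])
    origin = " ".join(received[-1].split()) if received else None
    return findings, origin
```

Calling `review_message(SAMPLE, "example-bank.test")` flags the IP-address link, leaves the link on the bank's own domain alone, and returns the first relay line for comparison with the claimed sender.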