

Phishing



In computing, phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email or an instant message). It is a form of social engineering attack. ([http://purl.org/net/tbc/misc/phish001.htm See an example].)

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The first mention of phishing on the Internet is on the alt.2600 hacker newsgroup in January 1996; however, the term may have been used even earlier in the printed edition of the hacker newsletter "2600".

==Early History==
The term was coined in the mid-1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.

"Ph" is a common hacker replacement for "f", and is a nod to the original form of hacking, known as "phone phreaking". There is also an Irish Internet Relay Chat network called Phishy, although it predates the use of that term for anything illegal.

===Early Phishing on AOL===
Those who phished on AOL during the 1990s originally got onto AOL with fake, algorithmically generated credit card numbers. The accounts would last weeks to months, and then they would have to make new ones. To prevent this, AOL adopted tougher regulations for its system in late 1995.
As a result, the people who created the fake accounts resorted to phishing for legitimate AOL accounts. Phishing on AOL was closely associated with the warez community, which exchanged pirated software. However, in 1997 AOL's policy on phishing and warez became stricter and forced pirated software off AOL servers. Around that time, phishing was so prevalent on AOL that AOL added a line to all instant messages stating that no one working at AOL will ask for your password or billing information; despite this, phishing for both continued to work. Around that time as well, AOL developed a system to quickly deactivate any account caught phishing, booting it offline often before its targets could respond, so phishers lost more accounts than they gained. The phishers attempted to get around this problem by moving their phishing to AOL Instant Messenger (AIM), because they could not be banned on that service. The shutting down of the warez scene on AOL caused most phishers to leave the service. Also, the phishers themselves eventually grew older (many were young teens) and got jobs to pay for an Internet Service Provider legitimately.

Both phishing and warez on AOL generally required special programs, and if these programs were popular, their creators, always going by aliases, became well known in these circles. The first program well known for phishing, warez, and other disruptive activities on AOL was AOHell.

==Additional attack methods==
Besides URL spoofing, it is also possible for the attacker to use the bank's or service's own scripts against them. These attacks are particularly problematic because they actually direct the user to sign in at the bank's or service's own web pages, where everything from the URL to the SSL certificate is correct.
Example: [https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fcgi4.ebay.com%2Fws%2FeBayISAPI.dll?MfcISAPICommand%3dRedirectToDomain%26DomainUrl=http%3A%2F%2F127.0.0.1%2FeBayISAPI.php&pageType=1883] (address changed to protect the reader)

While clicking on this link brings you to eBay's site to log in, it then forwards the authenticated request to another domain/server, where the hacker's harvesting script is potentially waiting for this information. If you are contacted about an account needing to be "verified", you should contact the company directly or type in the address of their web page yourself.

Be especially concerned about an address containing the "@" symbol, for example http://www.google.com@members.tripod.com/. Such an address will attempt to connect as the user www.google.com to the server members.tripod.com. This will very likely succeed even if the user does not exist, and the first part of the link may look legitimate. The same is true for misspelled URLs or subdomains, for example http://www.yourfavbankdomain.com.spamdomain.net.

Secunia has issued a security advisory on the IDN spoofing issue [http://secunia.com/advisories/14163/], based on the IDN homograph attacks identified by Eric Johanson [http://www.shmoo.com/idn/homograph.txt]. Users of web browsers that implement IDN are affected. Some websites have noted that Internet Explorer is safe from this issue. This is misleading, since Internet Explorer has not implemented IDN, and the Verisign IDN plug-in is affected [http://secunia.com/advisories/14209/]. Mozilla developers Darin Fisher and Ben Goodger point out that ICANN should prevent the registration of malicious domain names. The IDN bug was partially fixed in Mozilla and Mozilla Firefox within 24 hours after the bug was announced publicly [http://www.boingboing.net/2005/02/08/mozilla_and_firefox_.html].
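As an added example (not part of the original article), the following Python script implements defender-side checks for the URL tricks described above: the "@" userinfo trick, a brand name used as a subdomain of an unrelated registered domain, internationalised (IDN) hostnames, and sign-in links on the genuine site whose redirect parameters end up on another host, as in the eBay link. The TRUSTED_DOMAINS set and the sample links are constructed for this demonstration; the registered-domain logic is deliberately naive, and a real tool would consult the Public Suffix List.

```python
"""Heuristic URL checks for the phishing tricks discussed in the article.

Added example, not the article's own code. TRUSTED_DOMAINS and SAMPLES are
constructed for the demonstration.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed: hostnames the reader treats as the genuine ones for each brand.
# "yourfavbankdomain.com" is the placeholder name used in the article text.
TRUSTED_DOMAINS = {"ebay.com", "paypal.com", "google.com", "yourfavbankdomain.com"}

URL_RE = re.compile(r"^https?://", re.IGNORECASE)


def is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True when host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)


def redirect_chain(url):
    """Collect URLs embedded in query parameters, following nested hops.

    Returns (parameter name, decoded URL) pairs in the order reached, so a
    'ru=...DomainUrl=...' nesting yields two entries.
    """
    chain = []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; this catches double encoding
        if URL_RE.match(value):
            chain.append((key, value))
            chain.extend(redirect_chain(value))
    return chain


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")

    # 1. Userinfo trick: http://www.google.com@members.tripod.com/
    #    Everything before '@' is a username; the browser connects to the host after it.
    if parts.username is not None:
        findings.append(f"userinfo '{parts.username}' precedes the real host '{host}'")

    # 2. Trusted brand name used as a label of an unrelated registered domain:
    #    http://www.yourfavbankdomain.com.spamdomain.net
    if not is_trusted(host, trusted):
        for t in trusted:
            if t.split(".")[0] in labels:
                findings.append(f"'{t}' appears as a label of '{host}', which is not under {t}")

    # 3. IDN homograph exposure: non-ASCII characters or punycode labels in the host.
    if any(ord(c) > 127 for c in host) or any(l.startswith("xn--") for l in labels):
        findings.append(f"internationalised hostname '{host}' may use lookalike characters")

    # 4. Redirect parameters: a sign-in URL on the genuine site whose query
    #    carries a URL that ends up on a host outside the trusted set.
    for key, target in redirect_chain(url):
        thost = urlsplit(target).hostname or ""
        if not is_trusted(thost, trusted):
            findings.append(f"parameter '{key}' redirects to untrusted host '{thost}'")

    return findings


# Constructed sample links modelled on the ones quoted in the article.
SAMPLES = [
    "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&ru=http%3A%2F%2Fcgi4.ebay.com%2Fws%2FeBayISAPI.dll?MfcISAPICommand%3dRedirectToDomain%26DomainUrl=http%3A%2F%2F127.0.0.1%2FeBayISAPI.php&pageType=1883",
    "http://www.google.com@members.tripod.com/",
    "http://www.yourfavbankdomain.com.spamdomain.net/login",
    "http://www.p\u0430ypal.com/",  # Cyrillic 'а' (U+0430) in place of Latin 'a'
    "https://www.paypal.com/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample)
        found = check_url(sample)
        for finding in found:
            print("  -", finding)
        if not found:
            print("  (no findings)")
```

Running the script prints one finding for each of the first four constructed links and none for the genuine PayPal sign-in URL. The redirect check is the interesting part: the eBay-style link is flagged only because the nested `DomainUrl` hop leaves the trusted set, while the first hop to cgi4.ebay.com is accepted, which is exactly why a user who only looks at the visible host is fooled.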
Apple later fixed this flaw in Safari [http://docs.info.apple.com/article.html?artnum=301116].

Also, some companies such as eBay and PayPal always address you by your username in e-mails. If an e-mail addresses you by a generic denomination, for example "''Dear valued eBay member''", it is definitely fake, an attempt at phishing.

==Phishing example==
The following is an example of a phishing e-mail.

:From: eBay Billing Department
:To: xxx@aschool.edu
:Subject: Important Notification
:Register for eBay
:Dear valued customer
:Need Help?
:We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please click here and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days, after this period your account will be terminated.
:For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.
:Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.
:Regards,
:Safeharbor Department
:eBay, Inc
:The eBay team.
:This is an automatic message. Please do not reply.

==Response by authorities==
In the United States, Democratic Senator Patrick Leahy introduced the ''Anti-Phishing Act of 2005'' on March 1, 2005.
The federal anti-phishing bill proposes that criminals who create fake Web sites and spam bogus e-mails in order to defraud consumers could be fined up to $250,000 and have jail terms of up to five years imposed upon them (''Information Week'', March 2, 2005).

Microsoft has joined in the effort to crack down on phishing. On March 31, 2005 Microsoft filed 117 federal lawsuits in the U.S. District Court for the Western District of Washington. The lawsuits accuse "John Doe" defendants of using various methods to obtain passwords and confidential information about people. Microsoft hopes to use these lawsuits to uncover some of the largest phishing operators.

==See also==
* Anti-phishing software
* Pharming

==References==
* (also cites ''InformationWeek'', "Phishers Would Face 5 Years Under New Bill", March 3, 2005)

==External links==
===Phishing information===
* [http://www.anti-phishing.org Anti-Phishing Working Group] - Daily news from the net about phishing
* [http://www.spamfo.co.uk www.Spamfo.co.uk] - Articles and contemporary news items relating to phishing and internet scams
* [http://www.millersmiles.co.uk Phishing alerts, news and reports - MillerSmiles.co.uk]
* [http://www.geocities.com/phishingmemo A Memo On Phishing: What You Need To Know Right Now]
* [http://www.waterken.com/dev/YURL/Name/ Trust Management for Humans] - Explains the design flaw in the WWW that enables phishing and provides a simple solution to the problem
* [http://www.phishingdangers.com Phishing Scams]
* [http://www.webopedia.com/TERM/p/phishing.html Webopedia] - Phishing details from Webopedia.
* [http://www.banksafeonline.org.uk/ Bank Safe Online] - Advice to UK consumers regarding phishing scams and more.
* [http://www.gishpuppy.com/details.html GishPuppy.com] - Using disposable email addressing (DEA) to spot phishing.
* [http://www.us-banker.com/article.html?id=20050201N4N89WK9 U. S. Banker | A Phish Story - February 2005]
* [http://www.netapp.com/ftp/phishing-attacks.pdf Network Appliance, Inc. Phishing Survey 2004 (PDF)]
* [http://www.honeynet.org/papers/phishing/ Know Your Enemy: Phishing] - Case study from the Honeynet Project on the detailed techniques of a couple of phishers.

===Legislation===
* [http://www.crime-research.org/analytics/phishing_duke/ Computer Crime Research Center] - Plugging the "phishing" hole: legislation versus technology.

===Anti-phishing===
* [http://rjohara.net/pfishing-scams/ Gallery of Phishing Messages] - Examples claiming to come from banks, credit card companies, and auction houses.
* [http://survey.mailfrontier.com/survey/quiztest.html Online survey tool by MailFrontier] - Measures the ability of users to distinguish legitimate e-mail from "phish".
* [http://www.windowsecurity.com/articles/Avoid-Phishing.html How to Avoid Phishing Scams]
* [http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm FTC - How Not to Get Hooked by a Phishing Scam]
* [http://www.sharecube.com ShareCube.com] - Solutions for banks and financial institutions.

====Anti-phishing Software====
* [http://toolbar.netcraft.com Netcraft Toolbar] - Browser plug-in that shows the country, hosting location and longevity of sites, and operates a community where the first people to receive a phishing attack can block it for everyone else using the toolbar.
* [http://www.adorons.com/adorons-products.html Adorons Easy Security] - Free software plug-in for Internet Explorer that disables phishing scripts.
* [http://www.corestreet.com/spoofstick/ Spoofstick] - A plug-in for Internet Explorer and Mozilla that displays the real, un-spoofed address for the current site. Works in pop-up windows as well.

===Examples===
* [http://purl.org/net/tbc/misc/phish001.htm Example of e-mail used for phishing] - An actual phishing message
* [http://www.fightidentitytheft.com/paypal_scam.html Fight Identity Theft] - Phishing samples

Phishing



Be aware of how it works. Here's what to look for:
* An email is sent that looks like it came from a site you do business with.
* The email requests that you provide or confirm personal information, login credentials or account numbers.
Here's what you should do:
* Never send personal info, your password or account numbers in an email.
* When clicking on a link, be sure you end up on a secure site.

== SecurityFocus cite ==
On 01 Nov 2004, this article was cited in a [http://www.securityfocus.com/columnists/274 SecurityFocus article] on phishing. User:Securiger 06:50, 8 Nov 2004 (UTC)

The list of phishing URL types added on 9th Feb was pinched from my page (whose URL is in the body of the email). I'm happy to make it available under the GNU FDL for Wikipedia, but the contributor should have asked. - Gerv (gerv at gerv.net)
:Gerv, sorry about that! If you read this, please accept our grateful thanks that you have given us permission to use them under the GFDL! What is the link to this info? - User:Ta bu shi da yu 02:15, 4 Mar 2005 (UTC)
::The link Gerv (a.k.a. Gervase Markham of the Mozilla Foundation) was talking about is [http://www.gerv.net/security/phishing-browser-defences.html here]. User:Ral315 05:35, Mar 9, 2005 (UTC)

==Quote from Washington Times==
:Phishing, which stems from the word fishing, is the act of sending an e-mail to an Internet user in an attempt to get private information that could be used for identity theft, fraud or both. The e-mail, pretending to be from a legitimate business or bank, normally directs the user to a bogus Web site, where they are asked to update such sensitive personal information as passwords, bank account and credit card numbers. [http://ap.washingtontimes.com/dynamic/stories/N/NORWAY_OPERA_SOFTWARE?SITE=DCTMS&SECTION=HOME]
Can we incorporate or re-word this definition?
User:Ed Poor user talk:Ed Poor 14:13, Apr 19, 2005 (UTC)

== Section needs Improvement ==
I don't understand the section on Wildcard DNS, even when reading the linked definition. What does the pipe character do in (all browsers?) under XP? How do those funny names resolve to a wildcard record? —User:Długosz



These materials are based on Wikipedia and licensed under the GNU FDL


