
Guide to Protecting Yourself Against Phishing Scams


What Is Phishing?

Phishing is just what it sounds like: "fishing." Only instead of sporting for fish, phishers try to bait a sea of Internet users into giving them personal - and usually financial - information. Criminals spam thousands of computer users with spoofed emails and copycat websites designed to fool you into revealing data such as credit card numbers, account usernames and passwords, social security numbers, etc.

Typically, a phishing scam works like this: you get an email that seems to come from a trustworthy company - maybe a well-known bank or online retailer - containing a message intended to alarm you into taking action. In common phishing scams, the emails use pressure tactics, warning that failure to respond will result in you no longer having access to your account. Other emails prey on fear, claiming that the company has detected suspicious activity in your account or is implementing new privacy software or identity theft solutions. Then the same email provides a convenient link to take you to a copycat website. Once on that page, you're prompted to enter personal information, which is then captured by the fraudster.

Where does "Phishing" Come From?

Sometimes it's said the term "phishing" stands for "password harvesting fishing." Most likely that acronym was coined retroactively. The term probably comes from the analogy that these phishing scam artists are fishing for victims: they throw out a ton of bait - spamming with all those copycat emails - and only need a few people to bite.

As for the "ph," that's a common hacker replacement for "f," and a nod to the original form of hacking, known as "phreaking." The term "phreaking" was coined by the first hacker, John Draper, and this is the origin of a lot of the "ph" spelling in various hacker organizations and pseudonyms. In the early 1970s, John invented "phone phreaking" by creating the notorious Blue Box, a device he used to hack telephone systems. The Blue Box emitted tones that gave its user control over the phone switches, making it possible to bill calls to someone else's phone number or call long distance for free.

Obviously, hacking later spread to the internet, and, decades later in 1996, hacked accounts were being called "phish." By 1997 phish were actually being traded between hackers as a form of currency. Hackers would regularly exchange ten working AOL phish for a piece of software that they wanted.

Over the years, phishing scams have grown from simply stealing AOL dialup accounts into a much more threatening criminal enterprise. Phishing attacks now target financial institutions, users of online banking, payment services such as PayPal, and online ecommerce sites like eBay. Phishing fraud is growing quickly in number and sophistication. In fact, the Anti-Phishing Working Group reports that since August 2003 most major banks in the USA, the UK and Australia have been hit with phishing attacks.

How to Report Phishing

If you believe you've received a phishy email, you can help fight phishing scams by reporting it to the authorities. There are two basic ways of doing this: you can file a complaint with the FBI's Internet Fraud Complaint Center, and you can send the fake email to other authorities, such as anti-phishing groups and the company being targeted in the phishing scam.

To file a complaint with the FBI's Internet Fraud Complaint Center, click www.ifccfbi.gov/cf1.asp and fill out the form. The organization works worldwide with law enforcement and industry to promptly shut down phishing sites and identify the criminals behind the fraud.

To send the phishing email to other authorities, make sure to forward the phishing email as an attachment - this best helps investigators. There's information buried in the header of an email message that technical experts need in order to track - and end - phishing fraud.
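To show why forwarding as an attachment matters, the following added example (not part of the original guide) builds a report both ways and checks which routing headers an investigator can still recover. The sample message, its addresses and the reporting address are constructed placeholders.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample of a received phishing message (all values are made up).
ORIGINAL = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: "Example Bank" <security@bank.example>
Reply-To: collect@mailer.example.net
To: user@recipient.example
Subject: Your account will be suspended

Verify your account at http://login.example.net/ to keep access.
"""

def build_report(original_text, as_attachment):
    """Build a report mail, forwarding the original inline or as an attachment."""
    original = message_from_string(original_text, policy=policy.default)
    report = EmailMessage()
    report["From"] = "user@recipient.example"
    report["To"] = "abuse-desk@example.org"  # placeholder reporting address
    report["Subject"] = "Fwd: " + original["Subject"]
    if as_attachment:
        report.set_content("Suspected phishing, original attached.")
        report.add_attachment(original)  # stored as a message/rfc822 part
    else:
        # Typical inline forward: only the visible body text is copied.
        report.set_content("Suspected phishing:\n\n" + original.get_content())
    return report.as_string()

def recover_evidence(report_text):
    """Return the routing headers still readable from a report mail."""
    report = message_from_string(report_text, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()  # the original message, headers intact
            return {
                "return_path": str(inner.get("Return-Path", "")),
                "reply_to": str(inner.get("Reply-To", "")),
                "received": [str(h) for h in inner.get_all("Received", [])],
            }
    return {}  # inline forward: the original headers were never included
```

The attached form keeps the `Received` chain, `Return-Path` and `Reply-To` of the original; the inline form carries only the body text under the reporter's own headers.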

Some email addresses you can use to report suspicious mail are:

  • Anti-Phishing Working Group - reportphishing@antiphishing.org
  • The FTC - spam@uce.gov

Also, make sure to report the phishing email to the company it involves. If you receive a spoofed eBay email, be sure to email it to them - the company will appreciate the tip, and most major online retailers and financial institutions have email addresses to deal with the phishing problem. Here are a few of them:

  • Best Buy - bestbuysecurityinfo@postfuture.com
  • Citibank - emailspoof@citigroup.com
  • EarthLink - fraud@corp.earthlink.net
  • eBay - spoof@ebay.com
  • PayPal - spoof@paypal.com
  • Washington Mutual - spoof@wamu.com