January 28, 2012

3.2.8 Phishing


Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is an example of a social engineering technique used to deceive users: you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request.

Vishing involves combining phishing with Voice over IP.

An email might look as if it is from a bank and contain some basic information, such as the user's name. A fake website might be created to look just like a legitimate site. It can then gather personal information from the user.

The person instigating the phishing can then use the values entered there to access the legitimate account.

One of the best counters to phishing is to simply mouse over the “Click Here” link and read the URL.

Phishing email messages, websites, and phone calls are designed to steal money, access, information, etc.


  • http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
  • http://www.fraud.org/tips/internet/phishing.htm
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

