Phishing is a term used to describe the activity through which personal particulars like usernames and passwords and financial information like credit card details are tactfully retrieved from unsuspecting Internet users. Unlike hacking where the hacker breaks into a computer system or network and steals information, phishing is most often done with the full cooperation of the victim. This is probably what makes phishing all the more dangerous.
Phishers normally masquerade as trustworthy entities by impersonating popular organizations and websites. They would send a message to thousands of unsuspecting people asking them to confirm their username and password, threatening that their accounts would be terminated if they fail to do so. Most people never check the authenticity of such messages and immediately comply with the request. Especially when the message is written in an authoritative tone, people respond immediately to avoid any disruption in their service. This often forces them into sharing sensitive information which they would otherwise have never shared with anyone else online.
The term Phishing was first used in 1996, and is a variant of the word fishing. Just as bait is thrown in fishing to catch unsuspecting fish, Phishers send a message hoping that their victims would be "hooked" by responding to their message. Phishing initially started in the AOL network and then slowly moved to financial institutions as E-Commerce gained popularity.
Anti-Phishing Initiatives
Technological improvements and stricter legislation have been enforced to contain phishing as far as possible. Public awareness is probably the most effective weapon against this menace. Phishing is successful mainly due to the ignorance of the general public. Once they become cautious of these activities, phishing would lose much of its potency. There have indeed been massive efforts to educate the public and make them aware of this online menace. As a result, more people have become aware of phishing threats and are more cautious than they were just a year ago.
Improved browser design has made identifying phishing attempts a little easier. Most of the latest Internet browsers contain anti-phishing capabilities. Internet Explorer 8 for instance displays the domain name in black, and the rest of the URL in grey, making it easy to identify fraudulent URLs. Firefox for its part lets users create their own labels for their favorite sites. If a phisher tries to redirect them to a similar-looking fraudulent site, the browser would immediately warn the user or simply block access to the site. Most browsers also maintain their own lists of known phishing sites which they immediately block if the user tries to go to one of them. Email is another victim of phishing. Fortunately, powerful spam filters are in place these days that identity and block phishing mails from reaching the users' inbox.
Banks and other prime phishing targets have started using the services of dedicated technology groups which monitor and shut down phishing websites whenever they find them. Individuals and the public can also help by reporting phishing sites to these groups. The U.S. Federal Trade Commission and equivalent bodies in other countries have taken legal action phishing offenders. Anti-Phishing Working Groups like FraudWatch International, PhishTank and Millersmiles publish the latest information on phishing scams to warn the public.
Phishing needs to be tackled using a multi-pronged approach. Cutting edge technology, stricter legislation and better user awareness are some of the defenses that can contain this online menace.
For more information about phishing, identity theft and cyber crime please visit www.callercenter.com
