Monday, August 4, 2008

Phishing

In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, YouTube or online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a website. Phishing is an example of social engineering techniques used to fool users.[2] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing,[3] probably influenced by phreaking,[4][5] and alludes to baits used to "catch" financial information and passwords.

Recent phishing attempts

Phishers are targeting the customers of banks and online payment services. E-mails, supposedly from the Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers.[15] While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus e-mails accordingly.[16] Targeted versions of phishing have been termed spear phishing.[17] Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks.[18]

Social networking sites are a target of phishing, since the personal details in such sites can be used in identity theft;[19] in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details.[20] Experiments show a success rate of over 70% for phishing attacks on social networks.[21]

Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.

...to be continued
