Phishing is a broad term that refers to attempts by criminals to secure personal information from online users without their knowledge or consent. Over the years, many different types of phishing attacks have emerged, and continue in common use today. In order to be on the alert for these scams, it is important to be aware of the several common strategies used as part of these attacks.
One of the more common means of launching phishing attacks is the use of viruses and spyware to capture user data. Often, viruses are transmitted either via email or are discreetly downloaded when a user visits an infected web site. Typically, the virus runs quietly in the background, collecting personal data that is housed on the hard drive or that users enter on unsecured web sites. Running up-to-date antivirus software can help block these viruses from downloading, and can also prevent spyware from taking up residence in some obscure corner of the hard drive.
Deceptive phishing attacks usually involve the use of email messages that appear legitimate, but in fact are an attempt to collect financial and other personal data. For example, the email scam may involve sending out emails that appear to be from a specific bank. The body of the mail normally states that there is some problem with the recipient’s bank account, and includes a link that can be used to correct the problem.
Clicking on the link usually takes the user to what appears to be a legitimate page where they enter account data. Once the data is sent, the email scams usually provide a quick “thank you” message that indicates the problem with the account is corrected. In the interim, the scammer now has the user’s bank account information and is free to use it in any way he or she pleases. Since banks never use this method to notify customers of problems with their accounts, any emails of this type should be deleted immediately, or forwarded to the bank’s fraud division.
A more sophisticated example of phishing attacks is known as man-in-the-middle phishing. This approach requires that the scammer establish a position between the Internet user and the web site that the user wishes to visit. With this application, the scammer does not prevent access to the legitimate site, but simply intercepts the data, copies it, and then allows the data stream to continue to its intended destination. Of all the different types of phishing attacks, this is one of the most difficult to detect, and one of the hardest to stop.
Phishing attacks are designed to allow phishers to harvest information they can use to their own ends. Often, the victim is unaware that anything has happened until it is too late. Identity theft of this type can devastate individuals, as their good credit is ruined by phishers. In order to minimize the possibility of becoming a phishing victim, users should always run reliable virus and spyware protection software on their systems, and never respond to emails from financial institutions, or shop on web sites that are not certified as secure.