In computer security, phishing
is a type of hacking attack called social
engineering. Phishing is an attempt to fraudulently
acquire sensitive information such as passwords, credit
card information, and personal information, by pretending
to be a trustworthy person or business.
Most phishing techniques use some form
of technical description designed to make the link in
an email appear to belong to the spoofed individual or
business. Typosquating, misspelled URL's, or
the use of sub domains are common tricks used by phishers,
such as this example URL: http://www.your_bank.com.domain.com.
Another technique is using a URL containing the '@' symbol.
For example: http://www.microsoft.com@members.tripod.com
may look legitimate to a casual user, thinking that the
link takes them to the microsoft.com domain, but instead
it directs them to the members.tripod.com domain. Some
phishing techniques use Javascript commands to modify
the address bar. This can be done by placing and image
over the address bar, or by closing the original address
bar and opening a new one with the legitimate URL.
Screenshot of a phishing email targeted at Paypal users.
This screenshot may be copyrighted
by its author(s) or the company that took the screenshot.
It is believed that the use of a limited number of web-resolution
screenshots for critical commentary on the article in
question on the LabariaSoft Security Division, hosted
on servers in the United States, qualifies as fair use
under the United States Copyright Law. Any other uses
of this image may be a copyright infringement.
One strategy for combating phishing is
to train users on how to deal with phishing attempts,
such as learning how to spot a fake email, and how the
official email should look like.
Another method is to install an anti-phishing
software, many anti-phishing software are no available.
