Phishing
Phishing is a way that people get sensitive information such as usernames or passwords. It is a method of social engineering. Very often, phishing is done by electronic mail. This mail looks as if it comes from a bank or other trusted company. It usually says that because of some change in the system, the users need to re-enter their usernames/passwords to confirm their identity. The emails usually have a link to a page that looks like that of the real bank.
Phishing allows criminals to get access to bank accounts or other accounts. Types of accounts that are often accessed include shopping, auction or gaming accounts. It can also be used for identity theft.
Most forms of phishing have not had much change over the lifetime of the Internet. During this time, some phishing tactics have gotten much more sophisticated. For example, many phishing techniques via e-mail involve spoofing the email address and creating emails that look just like emails sent from the real company. Not all phishing attempts do this, however.
Phishing can also be done over text using instant messaging apps such as Facebook Messenger or WhatsApp. It can even be done using snail mail. If someone gets a text from an unknown number that tells them to visit a specific website for any reason, it might be a phishing link.
Filter evasion[change | change source]
Some people who do this started using images of text to make it harder for anti-phishing filters to see it. This can work because the filters look for words often used in phishing emails/messages. However, better filters have been invented that can still read the text using OCR (optical character recognition).
Some anti-phishing filters can even read cursive, hand-written, upside-down, distorted (for example, wavy or stretched) text, as well as writing on colored backgrounds.
Other websites[change | change source]
- E-scams and Warnings Update Archived 2008-11-03 at the Wayback Machine – Federal Bureau of Investigation
- Bank Safe Online – Advice to UK consumers