Phishing | Español |
What is phishing?
Damage caused by phishing.
What measures should I take against phishing?
What is Phishing?
Phishing is the practice of luring unsuspecting Internet users to a fake website by using authentic-looking
e-mail, with a real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack. The fake websites created by “phishers” are almost identical to the originals, nearly perfect replicas of the sites of well known, trusted institutions, including banks and sites such as eBay and PayPal.
Social networking sites, like MySpace.com, are also a target of phishing, since the personal profiles in such sites can be used in Identity thefts. Statistics show a success rate of over 70% for phishing attacks on social networks.
Damage caused by phishing
The damage caused by phishing ranges from losing access to e-mail to substantial financial loss. This type of identity theft is becoming more popular because of the ease with which unsuspecting people often divulge personal information to phishers, including credit card numbers, social security numbers and mothers' maiden names. Identity thieves can gather additional information about potential targets simply by accessing public records. Phishers can use all this information to create fake accounts in a victim's name, potentially ruining a victim's credit or even preventing a victim from accessing his or her own accounts.
It is estimated that, between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing totaling approximately $929 million. The cost to businesses whose clients were victimized totaled an estimated $2 billion a year.
What measures should I take against phishing?
The solution is two-fold: Use protective software and exercise caution when using e-mail and browsing programs.
Users can take steps to avoid phishing attempts by slightly modifying browsing habits. Users who are contacted about an account needing to be "verified," for example, can contact the company that is the subject of the e-mail to check if the e-mail is legitimate. They also can type a trusted address for the company's website into the address bar of their browser to bypass the link contained in the suspicious message.
One could always use off-the-shelf software that has built-in intelligence against phishing activities. Many large software companies like Microsoft, Google and Yahoo! provide browser plug-ins that include anti-phishing features. Spam filters also cut down on phishing activities.