The term Phishing came from the analogy to fishing. Phishers try to duplicate a financial deal or a utility bill in order to bait people into giving them their money. They usually do this by cunning web pages that appear to the victim they are a legitimate company. Those that fall for the trick find themselves holding worthless, almost useless, e-mail addresses, which are then used to send spam or phish for even more information.
Phishing is nothing new. One of the first recorded phishing attacks happened in 1998 by a hacker who used the alias Charlie Shrem. Shrem’s intent was to harvest account information from companies using the Ancestry.com service. To do this, he harvested email addresses from the company’s customers as well as used an automated fax to send out detailed information to those customers.
Shrem was busted when the Social Security Administration called him and asked him to verify that all the information he had gotten from Ancestry.com was legitimate. He had nothing to hide and willingly gave up the information.
Since then, more targeted phishing attacks have happened on a smaller scale. The Nigerian government for example, saw a phishing attack that targeted nearly 10,000 people.
Phishing is nothing new. The term came from the analogy to fishing. Just like a fisherman using worms to grab the bait, phishers use spam, viruses and junk emails to catch the victims attention. Once the victims start to read the email, it actually convinces them that the email is a legitimate one. Hence this term is used to describe those who send out these e-mails.
One of the best ways to protect yourself is to filter out the junk that you may get in your inbox. That means you should be careful to only open or click on the links that you are really curious about. You should also be careful about the websites you visit as they can also get you caught out. Never give out more information about yourself than is absolutely necessary. For example, you should only fill out a resume if you have a company that needs to use it. There are sites that could warn you that you are entering a bad website and that will ask you to fill out your personal information.
If you have ever checked a box saying “Remember My Password” then you have been sent a web address that could be a phishing attack. These emails will look very similar to the real company domain name. They will use the company’s logo, which can sometimes be in very small letters only. They will use the words from the address bar, but they are not THE words.
Phishers know that many people use the same password for many accounts they have. Most people who stop to think about what they are saying actually type in the address of the web site they have and that is the only place they are likely to read the password that they wrote. They then proceed to highjack other accounts that the same user entered.
You can see why so many people are turning to free web site password resets. They are afraid that if they list their email address, bank account, or other personal information on the web then that information can be used by other people, like criminals.
But, if you do this, you are going to be exposing yourself to more phishing attacks. You are going to want to do this because the more information that is out there about you, the easier it will be for crackers to crack your accounts.