What is Phishing?
Phishing (a variant of the word fishing) is an attempt by fraudsters with mala fide intentions to use a bait to fish out your personal information. The fraudster (known as a phisher) sends you an email posing as your bank, your credit card company, your internet service provider, the government tax department, or any other organization with which you already have dealings and whose emails you trust. The phisher's email states some matter of urgency so as to create panic, and calls for immediate action by following a link in the email. The link takes you to a fake website where you are tricked into divulging sensitive personal information, such as your bank login id and password, your credit card number and associated PIN, your email account password, etc. Some emails may instead ask you to reply with such personal information.
A typical phishing email reads: "…Your ICICI bank account has been compromised, due to which your account has been de-activated/suspended. You are advised to click here and verify your information and re-activate your account…". When you click the link in the email, it directs you to a spoofed website that looks exactly the same as the ICICI bank site. The counterfeit website is carefully designed to look real and familiar, making you feel comfortable. You are asked to enter your bank login id and password to verify your information. The moment you do so, your login id and password are in the hands of the phisher.
At times, such phishing e-mails contain spelling mistakes. Even the link to the counterfeit website may contain a URL with a spelling mistake, taking you to a fake website that looks like that of the genuine organization - for example citibnak.com instead of citibank.com. Some fake e-mails promise a prize or gift certificate in exchange for completing a survey or answering a few questions; in order to collect the alleged prize, you are asked to provide your personal information. Such fake e-mails may also come from companies claiming to offer a job. These are often for work-at-home positions that are actually schemes to victimize the job applicant.
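As an added example (not code from the original article) of catching the misspelled-domain trick just described, the Python helper below scans the links in an email body and flags a host that is within one edit of a domain on an allow-list you maintain (including a swapped pair of letters, as in citibnak.com), or that embeds a trusted brand name inside some other domain. The allow-list and the sample email body are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list: domains the recipient genuinely deals with (assumption).
TRUSTED_DOMAINS = {"citibank.com", "icicibank.com"}

# Constructed sample body in the style of the email quoted in the article.
SAMPLE_EMAIL = (
    "Your account has been suspended. Click http://citibnak.com/verify to re-activate.\n"
    "Prefer the app? Visit https://online.citibank.com/ or https://citibank.com.example.net/login"
)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def damerau_levenshtein(a: str, b: str) -> int:
    """Edits between a and b: insert, delete, substitute, or swap two adjacent letters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition, e.g. "na" <-> "an"
    return d[len(a)][len(b)]

def link_host(url: str) -> str:
    """Lower-cased host of the URL with a leading 'www.' removed."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify_link(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """'trusted' for an allow-listed domain or its subdomain, 'lookalike' for a near miss."""
    host = link_host(url)
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    label = host.split(".")[0]
    for good in trusted:
        brand = good.split(".")[0]
        # Brand embedded in a foreign domain (citibank.com.example.net) or misspelled within
        # max_distance edits (citibnak.com). Raising max_distance quickly adds false positives.
        if brand in host or damerau_levenshtein(label, brand) <= max_distance:
            return "lookalike"
    return "unknown"

def scan_email(body: str) -> dict:
    # Map every http(s) link found in the body to its verdict.
    return {url: classify_link(url) for url in URL_RE.findall(body)}
```

Run `scan_email(SAMPLE_EMAIL)` to see the three links in the constructed body classified as lookalike, trusted and lookalike respectively.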
The damage caused by phishing can be significant. At the milder end, it may simply mean that you are unable to access your email account because the phisher changed your email password after gaining access to it. At the worse end, it can mean substantial financial loss if your credit card or bank account details are fished out. It is estimated that the worldwide impact of phishing is as high as $5 billion per year.
Phishing scams are categorized into various types according to their approach, the manner in which they are executed, and their objectives.
A phishing attempt directed at a specific individual based on his role, or at a specific organization, is termed Spear Phishing. These are pin-pointed attacks in which the attacker gathers specific personal or organizational information to make the attack seem more believable, thus increasing the attacker's chances of success.
In Clone Phishing, the attacker begins by gaining access to a previously delivered legitimate email that contains an attachment or link. Using this email as the basis, the attacker sends a follow-up email that is almost identical to the genuine one; this is termed a clone email. In the cloned email the attachment or link is replaced with a malicious version. The attacker sends the clone from a spoofed email address, making it appear to come from the original sender, and claims to be resending the original in case the recipient missed it, or claims that the first email was a mistake and the second (cloned) one is the correct version to be used.
The clone phisher can gain access to your original genuine email if your computer is infected with spyware that the attacker planted earlier to read all your incoming emails.
Whaling is quite similar to Spear Phishing, except that it is targeted at senior executives and high-profile individuals in businesses, government and other organizations.
Rajeev Kumar, CEO, Computer Solutions
Rajeev Kumar is the primary author of How2Lab. He is a B.Tech. from IIT Kanpur with several years of experience in IT education and software development. He has taught a wide spectrum of people, including fresh young talents, students of XLRI, industry professionals, and government officials.
Rajeev founded Computer Solutions & WebServicesWorldwide.com, and has hands-on experience of building a variety of web applications and portals, including SAAS based ERP & e-commerce systems, independent B2B, B2C, matrimonial & job portals, and many more.