Phishing
Phishing has become a major security threat on the Internet. Phishing
scams are usually conducted via electronic mail. The aim of phishing
is to educe user's to hand over their personal details willingly.
They usually achieve this aim by pretending to be someone they are
not.
Presently, phishing scams usually ask for one of the following,
- Bank details
- Financial details (credit card etc)
- Website username and password
- Email username and password
- ISP username and password
Phishing was originally a practice used by hackers to gain enter
into computer networks/systems. But, as the popularity of the Web
has increased, and banking has moved online, the practice of phishing
has largely been about monetary gain.
As has already been stated, phishing is largely conducted by email,
although more daring phishing scams may use the telephone to elicit
information. Phishing emails can be very professional and convincing.
They usually purport to be from a bank, such as HSBC, Natwest, RBS,
Barclays etc.
The sender's email address can sometimes be faked to appear to
be a genuine address. The email's content will probably use the
exact same logo's and layout as a genuine email from the said company.
The message content will be along the line of,
"There is a problem with your account, overdraft etc, could
you please enter your username and password details for verification".
The fact that the email looks genuine, as does the sender's email
address, combined, is often enough to convince user's it is genuine.
However, there is one thing to always bare in mind. Financial institutions,
and banks in particular, make a point of affirming and educating
their customers that they never ask for personal details, and specifically
passwords via email.
In conclusion, never hand over any personal details via email,
especially usernames and passwords. Banks will never send passwords
over email. Some websites may, but only if you have requested a
password reminder. If you have not, then this should ring alarm
bells.
|
