Phishing (fish'-ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

The Web site, however, is bogus and set up only to steal the user's information. For example, 2003 saw the proliferation of a phishing scam in which users received e-mail supposedly from eBay claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organizations site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay's site to update their account information.

By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.

Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

Other forms: phish (v.)

Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Recent victims include Charlotte's Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites.

The scam is called 'phishing' - as in fishing for your password, but spelled differently.

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the Web page code from a major site - such as AOL - and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.

The term had its coming out this week when the FBI called phishing the "hottest, and most troubling, new scam on the Internet." The name appears to have no connection to the band Phish, an FBI spokesman said. - Andrew Shain, "Phishing to steal your information," Charlotte Observer, July 25, 2003.

Phishing attacks use 'spoofed' e-mail and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.

The "@" trick in links - Phishing e-mail sometimes use a simple but effective trick to disguise the true destination of a link embedded in the email. Take a look at the following link: www.ebay.com/upd@aw-confirm.us/upd

To your browser, the "@" means forget everything before that point and only use what follows. So the link above will actually take you to: aw-confirm.us/upd

Any time you see an "@" in a link, it's a good idea to be very suspicious of where you'll end up if you click on the link.

A few tips on how to avoid the Internet scam known as phishing.

• If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body.
• Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.
• If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.
• If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.
• Suspicious e-mail can be forwarded to uce@ftc.gov, and complaints should be filed with the state attorney general's office or through the FTC at www.ftc.gov.

Here are a few Websites that have helpful information.

• www.allconnect.com - With scams targeting seniors on the rise, the need for updated and accurate resources is more important than ever. With that in mind, we've created an all-inclusive guide with ways to help seniors stay safe while using the internet.
• www.safetydetectives.com - This guide highlights what are the top scams targeted to seniors including phishing scams, how important it is to be aware of the current threats, and how to deal with them to name a few.
• www.siteground.com - How to Stay SAFE From"phishing" scams.
• www.mailfrontier.com - An extensive list of the latest e-mail "phishing" scams www.antiphishing.org - Anti-Phishing Working Group
• www.ftc.gov - How Not to Get Hooked by a "Phishing" Scam
• http://en.wikipedia.org - Phishing, from Wikipedia, the free encyclopedia
• www.ftc.gov - Identity Thief Goes "Phishing" for Consumers' Credit Information
• http://news.com.com - AOL Warns Members to Keep Passwords Under Wraps
• http://onguardonline.gov/articles/0003-phishing - More about Phishing

Follow the links to more great Internet info!

Site Map - Part 2

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |

MORE Truth or Hoax

Larry James • CelebrateLove.com • P.O. Box 12695 • Scottsdale, AZ 85267-2695 • 480 205-3694 •

Send e-mail to Larry James