How Phishing
Works
One way to hook a fish is to use a lure so realistic that the
fish thinks it's food. Phishing on the Web works the same way. Thieves send an
e-mail or instant message that masquerades--right down to the sender's e-mail
address--as a message from a reputable company such as Citibank, eBay or MSN. If
you take the bait, you put money--and even your identity--at risk.
The message capitalizes on your trust of a respected brand by
enticing you to click a link. Doing so takes you to an equally convincing (and
equally fake) Web page or pop-up window that's been set up to imitate the
legitimate business. Once there, you're asked to divulge sensitive personal
information such as your Social Security number, a bank account or credit card
number, or a validation code, password or personal identification number
(PIN).
The scams are disarming and alarming in their ingenuity.
Thousands of people received e-mail messages pretending to be from:
Their "bank" requesting verification of an $829.49 charge for
a hotel in New Delhi, an imitation so meticulous that it included bank logos as
well as promises to safeguard privacy. Readers had only to click "STOP THIS
PAYMENT" to go to an equally convincing page where they would reveal account
information needed to "deny payment."
Their "cell phone company" saying that a charge to their
credit card on file was declined. The message included this clincher: "Your
account could be suspended unless you click this link to update your credit card
information immediately."
"MSN" addressed to "Darling MSN services client" informing
them that their MSN service would be "deactivated" if they didn't confirm their
identity at once by clicking the link provided.
The forged sites are so insidious that in 2003 they successfully
tricked almost 2 million people into revealing confidential information, putting
their financial status and credit rating at risk.
Keep up with phishers' latest tricks
