What is "phishing?"

Phishing is the term used when con artists send e-mails seeking account information, primarily bank or credit card numbers. A typical scam involves sending an e-mail that appears to come from a bank, advising the recipient that the bank needs to verify their account information, or perhaps that their bank account is under investigation for fraud, and asking them to verify their account details online. The e-mail may contain the bank's actual logo and a link that looks like it leads to the bank's web site, or possibly an attached file. However, closer inspection usually reveals that the link is deceptive. Common tactics include using a link of the format www.bank.com@123.321.123.321, or adding many spaces between the "www.bank.com" and the @ sign. This syntax is a less common URL format that would actually connect the user to the server at 123.321.123.321, using a "username" of "www.bank.com". That site would likely also show the bank's logo to fool the user. The spaces are used so that if a user views the link before or after clicking on it, the actual destination and the @ sign might be so far off to the right as to be effectively hidden from view.
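The check below is an added example, not part of the original article: a Python function that splits a link the way a URL parser does and reports the host that would actually be contacted, flagging the "@" username trick, the space padding, and numeric hosts described above. The function name, the finding labels and the 192.0.2.10 sample address are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Four dot-separated numbers; deliberately loose so that even an
# out-of-range placeholder such as 123.321.123.321 is flagged.
DOTTED_QUAD = re.compile(r"^\d+(\.\d+){3}$")

def inspect_link(link):
    """Return (host_contacted, findings) for a link copied from an e-mail."""
    url = link.strip()
    if "://" not in url:
        url = "http://" + url  # links in mail are often written without a scheme
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Everything before the last '@' in the authority is userinfo, not the host.
    userinfo = unquote(parts.netloc.rpartition("@")[0])
    findings = []
    if userinfo:
        findings.append("userinfo-before-@")
        shown = userinfo.split(":")[0].strip()
        if "." in shown and shown.lower() != host:
            findings.append("userinfo-imitates-hostname")
        # Literal or %20-encoded spaces that push '@' out of view.
        if re.search(r"\s{2,}", userinfo):
            findings.append("whitespace-padding")
    if DOTTED_QUAD.match(host):
        findings.append("numeric-host")
    return host, findings

# Constructed sample links; the first is the format quoted in the article.
SAMPLES = [
    "www.bank.com@123.321.123.321",
    "http://www.bank.com" + " " * 40 + "@192.0.2.10/verify",
    "http://www.bank.com%20%20%20@192.0.2.10/",
    "https://www.bank.com/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, findings = inspect_link(sample)
        print(f"{host:18} {', '.join(findings) or 'no findings'}")
```

A mail filter or help-desk triage script could run this over every link in a message and hold anything that returns findings for manual review.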

Overall, few reputable financial companies will ask for account information via e-mail, especially now that this type of fraud has become prevalent. Be aware of the links you click on, and if in doubt, type the bank's web address in manually.

Note: Shortly after we published this article, new information came out concerning new phishing techniques that involve scammers sending mass blank e-mails (no subject, no visible body) that try to exploit an Internet Explorer security hole to download and install a trojan program designed to harvest data and send it to a remote machine. Other techniques involve redirecting the user through a trojan-download site before displaying the false form, so that even if a user does not enter anything into the form, they have still been compromised by the trojan software their system has downloaded.

Further, one company tracked a 43% increase in unique phishing scams from February to March 2004, and another company said they tracked 215,000+ phishing e-mails in March 2004 vs. just 279 in September 2003.

Accordingly, ITS recommends vigilance in installing the latest security updates to your e-mail and browser software, and regularly updating and using your anti-virus software and anti-pest software.

April 2004
