Phishing Fraud
Thanks to advancements in computing technology, the use of e-mail for communication has become omnipresent, especially in business. As Kruck and Kruck (2006) note, as an organization's dependence on e-mail for communication increases, so does the opportunity for problems to arise. One such problem is the increased number of spoofed e-mails, in which a communication is sent masquerading as another party as a means of committing phishing fraud. The first recorded use of the word "phishing" is documented on the alt.online-service.america-online Usenet newsgroup on January 2, 1996. Some sources, however, note the term as having appeared earlier in the hacker magazine 2600. The word itself is a variant of the word "fishing" and alludes to the luring of victims into giving away sensitive information, such as passwords and financial information. It has also possibly been attributed to the term "phreaking", and has been described as a portmanteau of "password harvesting" and an example of folk etymology. Although phishing is most often conducted via e-mail, phishers have also been known to use instant messaging as well as phone contact ("Phishing", 2007). America Online was the first victim of phishing fraud. Prior to the creation of phishing
These accounts would last weeks or even months before the organization would catch the fraudulent activity, giving the person free Internet access until it was discovered. This fraudulent activity became so prevalent that AOL added a line to all instant message communications noting that staff members would never request their password or billing information ("Phishing", 2007).
In June 2001, E-gold was the target of the first known direct attempt against a payment system. Although this attack and a "post 911 ID check" were seen as failures, they were the first experiments that would eventually lead to much more successful attacks against mainstream banks.
"In January 2004, there were 176 new, unique phishing attacks in spoofed e-mail messages reported to the Anti-Phishing Working Group. This represented a 52% increase over the number of attacks reported in December 2003" (Kruck & Kruck, 2006). The first half of 2004 saw a 4,000% increase in the number of unique attacks (Bielski, 2004), demonstrating the significance of the problem.
In link manipulation, the link is made to appear to be from the spoofed organization via a misspelled URL or the use of subdomains. Website forgery is also used in phishing. Some phishers use JavaScript commands to alter the address bar or to place a picture of the legitimate entity's URL over the address bar. A phisher may also use the spoofed website's own scripts to their advantage through cross-site scripting, where everything from the web address to the security certificates appears correct.
As noted, not all phishing activities are via the Internet. Phone phishing was seen in 2006 when a message claiming to be from a bank told users to call a number regarding problems with their accounts. When called, the phone number prompted the victim to enter their account numbers and their PIN ("Phishing", 2007).
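
The link manipulation described above (a misspelled URL, or the trusted name used as a subdomain) can be screened for on the defender's side. The following is an added example, not part of the original essay; the domain `mybank.example`, the URLs, and the function names are constructed for illustration, and taking the last two host labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Assumption: the defender keeps an allowlist of registrable domains it owns.
# "mybank.example" is a constructed placeholder, not an organization from the essay.
TRUSTED = {"mybank.example"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Simplification: last two labels. Real code should consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify_link(url):
    """Return 'trusted', 'subdomain-spoof', 'misspelled', 'unknown' or 'no-host'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"
    # Labels to the left of the registrable domain (the attacker-chosen subdomains).
    left_labels = host[: -len(reg)].rstrip(".").split(".")
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Subdomain trick: trusted name or brand sits in front of an unrelated domain.
        if good in host or brand in left_labels:
            return "subdomain-spoof"
        # Misspelling: registrable domain within two edits of a trusted one.
        if edit_distance(reg, good) <= 2:
            return "misspelled"
    return "unknown"


# Constructed sample links, as they might appear in a reported e-mail.
SAMPLES = [
    "https://www.mybank.example/login",
    "http://mybank.example.account-check.test/login",
    "http://mybank.secure-login.test/",
    "http://mybamk.example/login",
    "https://news.test/",
]
```

The classification is based on the link's actual target host, not on the text displayed to the reader, since the displayed text is what the phisher controls.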