Wednesday, December 27, 2006

What is a phishing attack?

A phishing attack is designed to steal your logon credentials and possibly steal your identity from web sites that would store this type of information.

Currently the most common form of a phishing attack are e-mails sent to your personal e-mail account claiming to be a business such as PayPal or a financial institution. Usually within the e-mail they well ask you to click on a link and verify your account status or address. The trick is that, the link in the e-mail that you click on, is linked to a web site that is a mirror of your bank or financial institution. It is not really their website, it is a phishing site that looks exactly like your banks website.. You will then be presented with a username and password. Phishing web sites then store your username and password to access your data from the real web site. If you entered the data he attacker now has everything they need to access your banking information, to transfer funds, to change mailing addresses, bank account numbers, credit card numbers. Etc…..

If this happens to you, you should notify IC3.org ASAP. See i-fraud.blogspot.com for more information regarding Internet Fraud and Fraud Response.

You should never click on a link contained in an e-mail, even if this the e-mail has your name on it, is from an institution where you do have an account, and has a return address of your financial information. Always log into your personal accounts by entering the URL your self into the browser.

No comments: