In the world of Internet security, phishing is described as the fraudulent process of attempting to obtain secure and sensitive information by posing as a legitimate means of communication. Most phishing attacks occur on mediums where money is exchanged, including banks, auction sites, and online payment processors. Social networking sites such as MySpace and Facebook are also reporting an alarming increase in the number of phishing attacks against their websites.
One of the well-known phishing attacks occurred on AOL in the mid-1990s. At the time, AOL was starting to crack down on the sharing of cracked and pirated material, and was randomly locking accounts that distributed such software. Users responded by posing as AOL staff members and asking random members for passwords and billing information. At that time nobody really knew what phishing was, so naturally people went along with it. If you can remember the phrase "AOL will never ask for your billing or password information online," this is where it comes from.
The primary targets of most phishing attacks in this day and age are financial institutions. Several years ago the Internal Revenue Service was hit with an outbreak of phishing e-mails; after having the attacks brought to their attention, the IRS responded by taking legal action and providing consumers with ways to avoid further attacks. Most major U.S. banking institutions have also been affected, including U.S. Bank, Bank of America, and Chase. Another good example was an attack against online stock broker TD Ameritrade, which allowed hackers to access users' addresses, names, phone numbers, and social security numbers.
Another big target is social networking sites including MySpace, Facebook, Friendster, and LinkedIn. This may have become the most popular area of attack for phishers recently, and maybe the most successful as well. An experiment conducted by the University of Indiana showed that more than 70% of all phishing attacks against social networking sites are successful.
One of the most common ways phishers obtain information is through link manipulation, in which phishers use legitimate-looking websites to obtain a consumer's personal information. The ways this can be achieved are quite numerous; pop-ups, the use of Flash animation, misspelled URLs, and fraudulent security certificates are all tools used to obtain your personal information.
It's hard to really gauge the true amount of monetary damage caused by phishing attacks. Microsoft claims that phishing attacks in recent years have cost consumers and businesses in the United States more than $60,000,000, although this claim is disputed by several sources who claim the amount is in the billions of dollars.
While phishing attacks are always on the increase, there are ways to help protect yourself as well as your assets. The first thing is to be vigilant and aware of those asking for your personal information right out of the blue. Most if not all of these calls are from phishers trying to obtain your personal information. Also make sure your Internet browser has the latest updates, which will help to deter bogus websites. But perhaps the most important thing is just to use common sense and be aware of your information.
Phishing, (Wikipedia) - http://en.wikipedia.org/wiki/Phishing
Social Phishing, (Jagatic, Johnson, Jakobsson, and Menczer) - http://www.indiana.edu/~phishing/social-network-experiment/phishing-preprint.pdf
Suspicious e-Mails and Identity Theft, (Internal Revenue Service) - http://www.irs.gov/newsroom/article/0,,id=155682,00.html
A Profitless Endeavor: Phishing as Tragedy of the Commons, (Herley, Florencio) - http://research.microsoft.com/en-us/um/people/cormac/Papers/PhishingAsTragedy.pdf