What is Phishing?

Phishing is a term for online fraud in which individuals attempt to persuade others to give up sensitive information such as credit card information, usernames, and passwords. Interestingly enough, the term is pronounced like "fishing" and carries the same sense of using bait. Basically, phishing is another form of identity theft. The criminals use fake websites that look legitimate so they can lure, or "bait", their victims into entering sensitive information on the websites that the criminals set up. Typically, phishing reaches people by e-mail or even through social networks such as Facebook.

According to Webopedia.com, phishing is defined as:
(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

Common Elements About Phishing

Further, the website outlines common elements that appear in phishing e-mails. The following elements are taken from the website:

1. The "From Field" appears to be from the legitimate company mentioned in the e-mail. It is important to note, however, that it is very simple to change the "from" information in any e-mail client. While we're not going to tell you how, rest assured it can be done in a matter of seconds!

2. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.

Additionally, you may spot some of these elements that did not appear in this particular scam:

 Logos that are not an exact match to the company's logo, spelling errors, percentage signs followed by numbers or @ signs within the hyperlink, random names or e-mail addresses in the body of the text, or even e-mail headers which have nothing to do with the company mentioned in the e-mail.

What You Can Do To Protect Yourself From Phishing:
  • When you receive e-mails asking you to follow a specified link, delete them immediately, even if they look legitimate. Never reply or click the link contained in the body of the e-mail.
  • Monitor and review your credit history regularly and carefully from all credit report agencies.
  • If there are any unauthorized entries or inaccuracies, report the issues to your banks or credit agencies immediately.
  • Always change your passwords at least every three months to keep your passwords from being used to access your accounts.
  • Destroy sensitive documents that may contain your important personal information, such as social security or bank account numbers. Do it with a shredding machine.
  • When you enter a secured website, always look for "https" at the beginning of the URL. This will assure you that the website is safe to browse or to access.
  • Use current browsers that have a phishing filter installed, such as Mozilla Firefox and Opera browsers.

Further Information

Wikipedia.org provides excellent information about phishing, including phishing history, phishing techniques, damages caused by phishing, and anti-phishing practices.


Please see the attachment to view a sample phishing e-mail.

[email protected],
Jun 23, 2009, 9:41 PM