Phishing – Part 4
"Phishing" continues to be one of the most fraudulent activities happening on the Internet. A lot of people are still not aware of phishing and, more alarming, a non-trivial number of people are being caught off guard by it and providing their personal and financial information to perpetrators of fraud. According to the Anti-Phishing Working Group, there are nearly 1,000 web sites which use "social engineering and technical subterfuge" to steal consumers’ personal identity data and financial account credentials. I have shared some examples of phishing attacks I have seen personally (see the PKI category of patrickWeb). Basically, phishing attacks are emails which "spoof" the identity of eBay, Citibank, or other legitimate organizations; i.e., they make the email look as though it had come from the legitimate organization. In the earlier days of phishing attacks, you could see telltale signs such as misspellings or grammatical errors. However, the phishers are getting more sophisticated — and perhaps using spell checkers and grammar checkers.
This week I received an attack that looked and sounded quite legitimate. The following is the email I received, what actions I took, and what I learned about validating such emails.





