Phishing Fraud


TrustedBank Phishing Email

Phishing can be described as a fraudulent misrepresentation made towards an individual with the aim of obtaining certain personally identifiable, as well as financial, information in order to commit further acts of fraud.

Generally, Phishing acts attempt to gather the following information from victims:

Names, surname, address and contact information, access information to financial institutions and passwords.

How the fraud is committed

Fraudsters will compile a fraudulent e-mail claiming to be from a financial institution informing its clients of a breach in security. Victims will be informed that their accounts are to be suspended and that they are required to verify certain personal information. The fraudulent e-mail message will state that failure to comply with the request will result in closure of the bank account. A hyperlink is provided in the e-mail message on which victims should click to be taken to the website where they are to ‘confirm’ their personally identifiable information.

Fraudsters will then launch a website, which is generally a clone of the original financial institution's website. As victims click the hyperlink in a Phishing e-mail, they will be under the impression that they have been linked to their own financial institution. Here fraudsters will have designed a form which victims must complete. Upon submitting the form, the personal information will be forwarded to the offenders.

The e-mail message will now be circulated to thousands of e-mail addresses in the hope that at least one person will be a client of the bank or financial institution mentioned in the e-mail message. The hope of fraudsters is that a person will click on the link, complete the online form with his or her personally identifiable information and submit the information back to them.

Fraudsters are now in possession of the personally identifiable information of an individual as well as his or her banking and credit card information.
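The lure described above has traits a mail filter can check: a hyperlink that leads away from the institution's own domain, link text that displays the institution's address while pointing elsewhere, and wording that threatens suspension or closure. The following Python sketch is an added example, not part of the original article; the domain trustedbank.example, the sample message and all function names are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT_DOMAIN = "trustedbank.example"  # assumption: placeholder for the bank's real domain
PRESSURE_TERMS = ("suspended", "verify", "closure")
# Constructed sample lure (not a real message): link text shows the bank, href does not.
SAMPLE = """\
From: TrustedBank <security@trustedbank.example>
Content-Type: text/html; charset="utf-8"

<p>After a breach in security your account is to be suspended. Verify your details to avoid closure.</p>
<a href="http://login.phish-host.example/trustedbank/">https://www.trustedbank.example/</a>
"""

class LinkCollector(HTMLParser):  # collects [href, visible text] pairs and all body text
    def __init__(self):
        super().__init__()
        self.links, self.text, self._in_a = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_a = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        if tag == "a":
            self._in_a = False
    def handle_data(self, data):
        self.text.append(data)
        if self._in_a:
            self.links[-1][1] += data

def on_domain(host, domain):
    # True only for the domain itself or a real subdomain, not a look-alike prefix.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def analyse(raw, legit=LEGIT_DOMAIN):
    parser = LinkCollector()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    findings = []
    for href, shown in parser.links:
        host = urlsplit(href).hostname
        if not on_domain(host, legit):
            findings.append(("off-domain-link", host))
            if on_domain(urlsplit(shown.strip()).hostname, legit):
                findings.append(("text-href-mismatch", shown.strip()))
    hits = [t for t in PRESSURE_TERMS if t in " ".join(parser.text).lower()]
    return findings + ([("pressure-language", hits)] if hits else [])
```

Calling analyse(SAMPLE) reports all three traits for the constructed message. The pressure wording alone is a weak signal, since genuine bank notices use similar language; the link checks carry most of the weight.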

Personally identifiable information

Many questions are asked as to what offenders are doing with information gathered by Phishing. In the majority of instances offenders are more interested in credit card information. This is used to commit fraud online by conducting Internet purchases.

Offenders also often compile lists containing personal information on individuals and sell these lists to other offenders or people interested in this information.

The origin of Phishing

One Phishing technique was described in detail in a paper and presentation delivered to the International HP users group, Interex in 1987. However, the first recorded mention of the term ‘Phishing’ was on the 2nd of January 1996 on the alt.online-service.America-online Usenet newsgroup.

Here Phishing started after AOL implemented measures in 1995 to prevent the use of fake, algorithmically generated credit card numbers to open accounts. AOL Crackers started resorting to Phishing in order to obtain information on legitimate AOL accounts with the aim of exploiting the service.

Crackers often sent instant messages to users claiming to be staff members and required the verification of accounts. In this way certain personal information and access information was divulged to Crackers.

From AOL to Financial Institutions

After the initial successes in obtaining personal and financial information, crackers started looking at other ways of obtaining more information from other Internet users. The first recorded Phishing scam against a payment system service was in June 2001 against e-Gold.

By 2004 Phishing had grown in such a manner that it became officially recognized as part of the economy of crime, responsible for losses exceeding hundreds of millions of Dollars. Between 2004 and 2005 a number exceeding 1.2 million individuals fell victim to Phishing fraud.

The future of Phishing fraud

5 years later and Phishing fraud is still a phenomenon that the majority of Internet users experience. E-mails requesting an individual to confirm information still end up in our e-mail inboxes on a daily basis.

Anti-Phishing measures are being implemented by all major Internet role-players, such as e-mail service providers, financial institutions and payment systems, limiting the losses associated with this fraud.

New trends in Phishing attempts indicate that Phishing fraud is now moving aggressively to telephonic scams instead of e-mail messages. This new phenomenon is referred to as Vishing where an individual is requested to contact a number to confirm information rather than clicking on a link in an e-mail and doing it online.

For more information on Vishing scams, please visit: http://fraudencyclopedia.com/2009/06/22/vishing-phishing-by-phone/