What is Phishing?
Phishing uses various techniques to steal money from individuals online. Typically, this means criminals gain access to such information as passwords and credit card details, by posing as a legitimate person or business using an "official" electronic communication. It may be a legitimate-looking email, Web site, or less commonly, an instant message.
Most phishing attacks are targeted at individuals and are often distributed via botnets in the control of large criminal networks who use the same botnets to distribute spam messages. Without an adequate phishing filter to isolate such messages, phishing probes get through and many recipients fall for the deception.
The damage caused by phishing ranges from loss of access to email, to substantial financial loss. The U.S. loses billions of dollars to phishing scams every year. One reason for the success of this scheme is that skilled phishers have well-crafted approaches. Another is that many people are uninformed about phishing threats and aren’t skeptical of emails they receive. After someone has provided their social security number and credit card details to a fake Web site, phishers are able to create accounts using their name and defraud credit companies. Online banking scams can enable phishers to empty a person's personal account with one keystroke.
Some phishing attacks send a message that appears to be from a person’s bank, reporting a problem with the account. The message asks that the person call a phone number to address the problem. When the call is made, the person is prompted to enter their account numbers and PIN. Those who do will typically find that their funds have soon been withdrawn.
Spearphishing is a relatively new approach for the online malware community. As its name suggests, a spearphishing attack involves a specific target - usually a certain company, government agency, organization or group. Spearphishers send emails to all company employees from what appears to be a trusted source, such as the person who manages the computer system. Messages may request user names, passwords or other private information.
The email sender information has been faked with the aim of accessing a company's entire computer system. If a target recipient responds with a user name or password, clicks links or opens attachments in a spearphishing email, pop-up window, or Web site, the consequence can be identity theft.
The best way to avoid becoming a victim of phishing is to become knowledgeable about potential phishing methods. Users who suspect a phishing attempt should contact the company in question to check whether the email is legitimate. In addition, rather than using the link in the email, users can visit the company’s official Web site by typing a trusted Web address into their browser.
In addition, spam filters are an important first line of defense against phishing attempts because they reduce the number of phishing-related emails that users receive. Anti-phishing software is available to help sniff out phishing contents on Web sites, act as a toolbar that displays the real domain name for the visited Web site, or spot phishing attempts in email. For banks and other organizations susceptible to phishing attacks, certain dedicated companies offer round-the-clock services to monitor, analyze and potentially shut down phishing Web sites.
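One of the checks such anti-phishing software performs is to compare the domain a link appears to point to with the domain the browser would really connect to. The following is an added illustration of that check, written for this page and not code from TDS or any product it mentions; the sample email body and every domain in it are constructed for the example, and the "registrable domain" helper is a deliberate simplification (a real tool would consult the Public Suffix List).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML message body of the kind an anti-phishing
# filter inspects. The first link's visible text shows one domain while
# its real href points somewhere else (hypothetical domains throughout).
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please verify your account at
<a href="http://www.examplebank.com.login-verify.example/update">https://www.examplebank.com/secure</a>
or call us.</p>
<p>Our site: <a href="https://www.examplebank.com/">www.examplebank.com</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def real_host(url):
    """Return the host the browser would actually connect to, lowercased.

    urlsplit().hostname already drops any 'user:pass@' prefix and any port,
    so text placed before an '@' to resemble a familiar site is ignored,
    just as the browser ignores it when choosing where to connect."""
    return (urlsplit(url).hostname or "").lower()


def registrable_domain(host):
    """Crude 'last two labels' approximation of the real domain name.
    Assumption for this example only; production code should use the
    Public Suffix List so that names like example.co.uk are handled."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def displayed_domain(text):
    """If the visible link text looks like a URL or bare hostname, return the
    registrable domain it claims; otherwise return None (plain words such as
    'click here' make no claim about a domain)."""
    t = text.strip()
    if " " in t:
        return None
    if "://" not in t:
        t = "http://" + t
    host = real_host(t)
    if "." not in host:
        return None
    return registrable_domain(host)


def check_links(html):
    """Return one record per link: the real domain, the domain the visible
    text claims (if any), and whether the two disagree."""
    parser = _LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        shown = displayed_domain(text)
        actual = registrable_domain(real_host(href))
        report.append({
            "text": text,
            "real_domain": actual,
            "displayed_domain": shown,
            "mismatch": shown is not None and shown != actual,
        })
    return report


if __name__ == "__main__":
    for entry in check_links(SAMPLE_EMAIL_HTML):
        flag = "MISMATCH" if entry["mismatch"] else "ok"
        print(f"{flag:8} shown={entry['displayed_domain']} real={entry['real_domain']}")
```

Running it on the constructed message flags the first link (text claims examplebank.com, href really leads to login-verify.example) and passes the second. A mismatch is a strong signal, but the absence of one proves nothing: plain link text carries no claim to compare against, which is exactly why the advice above to type a trusted address directly into the browser still applies.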
Experts believe phishing will decrease as users increase their level of knowledge about the practice, and methods to block it are improved. Nevertheless, with such easy money available, online criminals may develop new strategies for stealing private information.