What is Phishing and why is it a problem?
Phishing (pronounced 'fishing') is the act of sending a fraudulent email to someone, falsely claiming to be an established and often trusted business or institution in an attempt to scam the user into surrendering private information that will be used for identity theft. In most cases the email directs the recipient to visit a website where they are asked to update personal information, such as username and password, credit card, social security, and bank account numbers. The website, however, is bogus and set up only to steal the victim's information.
Phishing in the News
Security firm Trustwave targeted by phishing campaign
Customers of security firm Trustwave are being targeted by a phishing campaign that masquerades as a PCI DSS compliance scan, the company has warned.
The company said the phishers had copied the template of a real Trustwave scan notification, using it to serve Blackhole Exploit Kit sites targeting common Java, Flash and Reader exploits to infect victims with the Cutwail bot.

Phishing concerns cause double trouble
Episode 1: Last week the administrators of 7,000 university websites were being called upon to change their .edu domain account passwords after a server security breach. Trouble was that the breach had been reported to the admins by Educause -- the non-profit higher-education IT group that runs .edu -- via an email that some recipients complained bore the familiar markings of a phishing attempt.
The notification was legit ... but so were the phishing concerns.

Why Engineers Fall for Phishing Attacks
Most cyber attacks that ferret out intellectual property begin with malicious email messages containing code that then spreads through the user’s computer and from there onto the user’s corporate network. Surprisingly, some of the most susceptible employees in those attacks are software engineers who work in R&D labs. In other words, people who should really know better. Yet because these employees are accustomed to working in a test environment and not in production, said one Fortune 500 CEO recently, engineers tend not to take as much caution as other, more wary employees.