Abstract of Phishing

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes.

PHISHING TECHNIQUES

Phishers use a wide variety of techniques, with one common thread.

Link Manipulation

Most methods of Phishing use some form of technical deception designed to make a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by Phishers. In the following example, http://www.yourbank.example.com/ , it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the " yourbank " (i.e. Phishing) section of the example website.

An old method of spoofing used links containing the ' @ ' symbol, originally intended as a way to include a username and password. For example, http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com , whereas it actually directs the browser to a page on members.tripod.com , using a username of www.google.com : the page opens normally, regardless of the username supplied.