PAY ATTENTION WHEN YOU RECEIVE AN E-MAIL TO WRITE PASSWORD
The act of sending an email to a user falsely claiming to be
an established legitimate enterprise in an attempt to scam the user into
surrendering private information that will be used for identity theft.
Phishing email will direct the user to visit a website where
they are asked to update personal information, such as a password, credit card,
social security, or bank account numbers, that the legitimate organization
already has. The website, however, is bogus and set up only to steal the information
the user enters on the page.
Phishing emails are blindly sent to thousands, if not
millions of recipients. By spamming large groups of people, the
"phisher" counts on the email being read by a percentage of people
who actually have an account with the legitimate company being spoofed in the
email and corresponding webpage.
It is the attempt to acquire sensitive information such as
usernames, passwords, and credit card details (and sometimes, indirectly,
money) by masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites,
banks, online payment processors or IT administrators are commonly used to lure
unsuspecting public. Phishing emails may contain links to websites that are
infected with malware. Phishing is typically carried out by email spoofing or
instant messaging and it often directs users to enter details at a fake website
whose look and feel are almost identical to the legitimate one. Phishing is an
example of social engineering techniques used to deceive users and exploits the
poor usability of current web security technologies. Attempts to deal with the
growing number of reported phishing incidents include legislation, user
training, public awareness, and technical security measures.
It is a continual threat that keeps growing to
this day. The risk grows even larger in social media such as Facebook, Twitter
and MySpace etc. Hackers commonly use these sites to attack persons using these
media sites in their workplace, homes, or public in order to take personal and
security information that can affect the user and the company (if in a
workplace environment). Phishing is used to portray trust in the user since the
user may not be able to tell that the site being visited or program being used
is not real, and when this occurs is when the hacker has the chance to access
the personal information such as passwords, usernames, security codes, and
credit card numbers among other things.