What is Email Phishing?
- Home
- Technology & Communications
- Tutorials
- What is Email Phishing?
Did You Know...
The word phishing comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting AOL users. Since hackers have a tendency to replacing "f" with "ph" the term phishing was derived.
Definition
Phishing - is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
The new phish – Spear Phishing
The newest type of phishing scam is one that focuses on a single user or a department within an organization. The Phish appears to be legitimately addressed from someone within that company, in a position of trust, and request information such as login IDs and passwords. Spear phishing scams will often appear to be from a company's own human resources or technical support divisions and may ask employees to update their username and passwords. Once hackers get this data they can gain entry into secured networks. Another type of spear phishing attack will ask users to click on a link, which deploys spyware that can steal data.
Rules to avoid being phished:
Never click the links within the text of the e-mail.
Never send your username, password, bank account or credit card numbers.
If you get a message that asks for confidential information or the message just doesn’t make sense do NOT reply; DELETE the message.
Still in doubt? Please call the Technology Help Center at x2111
Examples of a Phishing Attack:
-----Original Message-----
From: Edu Webmail Team!! [https://webmail.edinboro.edu/create?mailto:support@schoolmail.edu]
Sent: Thursday, September 18, 2008 6:55 PM
Subject: Your Email Account Confirmation...
Attn. Edu webmail users,
We regret to announce to you that we will be making some vital
maintainance on our {edu} webmail. During this process you might have
login problems in signing into your Online account, but to prevent this
you have to confirm your account immediately after you receive this
notification.
To confirm and to keep your account active during and after this
process, please reply to this message with the below account informations.
Failure to do this might cause a permanent deactivation of your user account
from our database to enable us create more spaces for new users.
YOUR EDU ACCOUNT CONFIRMATION
Name:
E-mail ID:
E-mail Password:
Date of birth:
Your account shall remain active after you have successfully confirmed
your account details.
Thanks for bearing with us.
EDu WEBMAIL TEAM
| Subject: |
Notice from Department of the Treasury |
| From: |
Department of the Treasury |
we have determined that you are eligible to receive
a tax refund under section 501(c) (3) of the
Internal Revenue Code. Tax refund value is $189.60.
Please submit the tax refund request and allow us 6-9 days
in order to IWP the data received.
If u don't receive your refund within 9 business
days from the original IRS mailing date shown,
you can start a refund trace online.
they are exempt under section 497 (c) (15). In cases where the recipient org.
is not exempt under section 497 (c) (15), you must have evidence the funds will
be used for section 497 (c) (15) purposes.
If you distribute fund to individuals, you should keep case histories showing
the recipient's name and address; the purpose of the award; the maner of
section; and the realtionship of the recipient to any of your officers, directors,
trustees, members, or major contributors.
This notification has been sent by the Internal Revenue Service,
a bureau of the Department of the Treasury.
John Stewart
Director, Exempt. Organization
Rulings and Agreements Letter
Internal Revenue Service
