Phishing Scams: What Are They?
Simply stated, phishing scams are a method of fraudulently obtaining a victim’s information to gain access to personal accounts. They can be quite deceptive, and clever criminals can use a variety of means that look legitimate and official.
How Does Phishing Work?
Phishing scams can come in many forms, and that is where the danger lies. Here are some of the most common phishing schemes:
• Deceptive Phishing – email messages about the need to verify information, a system failure requiring you to re-verify your account, etc. These look official and can create anxiety for some. The senders want to create a sense of urgency so that you feel you must respond immediately.
• Malware-based Phishing – these are prevalent on the social media sites and are usually triggered by an email attachment or link that exploits security vulnerabilities in your browser.
• Keyloggers and Screenloggers – a type of malware that tracks your keyboard and other screen input and sends it to the hacker via the internet. This happens when a file embeds itself in your browser as a small utility program and then runs automatically every time you open your browser.
• Session Hijacking – an attack where the victim’s activities are monitored remotely until they sign in to, for example, a bank account. The hacker can then use the credentials to transfer funds without the user’s knowledge.
• Web Trojans – when the user logs in to a non-secure website, the Trojan pops up invisibly, collects the user’s credentials and transmits them to the hacker.
• Data Theft – unsecured computers often contain subsets of information stored on secured servers. Unsecured data can be compromised and stolen, for example legal opinions or employee records that might contain social security information or other damaging information.
• DNS-based Phishing (Pharming) – this is a complex scheme that involves file modification affecting DNS names. Hackers tamper with the URL and domain name system so that it returns a bogus address, and subsequent communications are directed to a fake site.
• Content-Injection Phishing – this is similar to the DNS phishing scheme; however, in this situation the hacker replaces parts of the legitimate site with false content for the purpose of gathering the user’s confidential log-in information.
• Man-in-the-Middle Phishing – this is one of the more difficult types of phishing scams to detect, as hackers position themselves between the user and the legitimate website. Their purpose is to record the information being entered, i.e. logins or passwords. The hacker can then sell or use the information when the user is not on the system.
• Search Engine Phishing – in this scheme the phisher creates websites with attractive offers (these score high in the search engines). However, the product or service is a “scam”.
Recognize any of these phishing scams? Have you been the victim? If so, share your story with us below.