phishing

(redirected from Anti-phishing)
Also found in: Dictionary, Financial.

phishing

(security)
("brand spoofing", "carding", after "fishing") /fishing/ Sending e-mail that claims to be from some well-known organisation, e.g. a bank, to trick the recipient into revealing information for use in identity theft. The user is told to visit a web site where they are asked to enter information such as passwords, credit card details, social security or bank account numbers. The web site usually looks like it belongs to the organisation in question and may silently redirect the user to the real web site after collecting their data.

For example, a scam started in 2003 claimed that the user's eBay account would be suspended unless he updated his credit card information on a given web site.

phishing

Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking email is sent to potential victims pretending to be from their bank or retail establishment. Emails can be sent to people on selected lists or any list, expecting some percentage of recipients will actually have an account with the organization.

Email Is the "Bait"
The email states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid website. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.

Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target website and make mass mailings. It may even include lists of email addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at www.antiphishing.org. See pharming, vishing, smishing and twishing.

"Spear" Phishing and Longlining
Spear phishing is more targeted and personal. The message supposedly comes from someone in the organization everyone knows, such as the head of human resources. It could also come from someone not known by name, but with an authoritative title such as LAN administrator. If even one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.

The "longline" variant of spear phishing sends thousands of messages to the same person, expecting that the individual will eventually click a link. The longlining term comes from using a large number of hooks and bait on a long fishing line, and mobile phones are major targets for this approach.
References in periodicals archive ?
The anti-phishing security checks were introduced soon after many Gmail users were targeted by a phishing scam .
Our products range from anti-phishing and secure browsing to multifactor authentication and transaction anomaly detection, offering a one-stop shop for multiple fraud prevention services.
AV-Comparatives staff tested Fortinet's anti-phishing capabilities along with 15 other endpoint security solutions from multiple countries for phishing URL detection and false positives.
In the test scenario, AV-Comparatives simulates the common situation where users rely on the anti-phishing protection provided by their security products while browsing the web," the report said, adding "the phishing campaigns targeted various types of personal data, including login credentials for PayPal, online banking & credit cards, e-mail accounts, eBay, social networks, online games and other online services".
Advanced protection includes also improved anti-phishing module.
8220;Phishing's continued success as an attack vehicle after over a decade of anti-phishing efforts is clear evidence that numerous anti-phishing technologies are failing,” Steinberg said.
While the cessation of phishing operations by the Avalanche phishing group is great news for the anti-phishing community, their shift to the nearly exclusive distribution of Zeus malware is an ominous development in the e-crime landscape," said study co-author Rod Rasmussen of Internet Identity in Tacoma, Wash.
Second, make sure you're using an up-to-date internet browser with built in anti-phishing capabilities, such as Internet Explorer 8, Firefox or Chrome.
Tokyo, Japan, Apr 3, 2006 - (JCN) - NTT Comware will launch sales of PHISHCUT, an anti-phishing solution which utilizes digital watermarking technology.
The solution scans words common to phishing, identifying and treating the message as spam once the words are found, and works at a server level, which removes the need for anti-phishing software to be installed on every desktop.
The new service, available from September 8, 2005, is designed to make security enhancements such as digital signing and anti-phishing protection easier than ever.

Full browser ?