phishing


phishing

(security)
("brand spoofing", "carding", after "fishing") /fishing/ Sending e-mail that claims to be from some well-known organisation, e.g. a bank, to trick the recipient into revealing information for use in identity theft. The user is told to visit a web site where they are asked to enter information such as passwords, credit card details, social security or bank account numbers. The web site usually looks like it belongs to the organisation in question and may silently redirect the user to the real web site after collecting their data.

For example, a scam started in 2003 claimed that the user's eBay account would be suspended unless he updated his credit card information on a given web site.

phishing

Pronounced "fishing," phishing is a scam to steal valuable information by tricking novice users into handing over credit card and social security numbers, user IDs and passwords. Email was the original phishing "bait"; however, any means whereby users voluntarily divulge sensitive information may be considered phishing. For example, malicious apps in the Amazon Alexa and Google Home virtual assistants have been known to trick users into revealing their passwords.

How Email Phishing Works
In email phishing, also known as "brand spoofing," an official-looking email that pretends to be from a bank or retail establishment is sent to potential victims. Emails can be sent to people on any list, in the expectation that some percentage of the recipients will actually have an account with the organization.

The email states that due to internal accounting errors or some other pretext, certain information must be updated to continue service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid website. Any Web page can be copied and modified to suit the phishing scheme (see website copying). Instead of a Web page, the user may be asked to call an 800 number and speak with a live person, who makes the scam seem even more genuine.

Anyone Can Phish
A "phishing kit" is a set of software tools that help the novice phisher copy a target website and make mass mailings. The kit may even include lists of email addresses. See pharming, vishing, smishing, twishing and social engineering.

"Spear" Phishing and Longlining
Spear phishing is more targeted and personal because the message supposedly comes from someone in the organization everyone knows, such as the head of human resources. It could also come from a made-up name with an authoritative title such as LAN administrator. If even one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more company resources.

The "longline" variant of spear phishing sends thousands of messages to the same person, expecting that the individual will eventually click a link. The longlining term comes from using a large number of hooks and bait on a long fishing line, and mobile phones are major targets for this approach.

Report a Suspected Scheme
Any suspected phishing scheme can be reported to the Anti-Phishing Working Group at www.antiphishing.org.

References in periodicals archive
A post on Reddit, an American social news aggregation and discussion website, claimed to offer a 25 percent bonus with a Libra pre-sale and provided a link to a phishing site that closely resembles the real one.
Don't make purchases or check bank statements over public Wi-Fi, as malicious actors can intercept data, capture your web traffic, or redirect you to malware or phishing sites. If you use public Wi-Fi frequently, consider encrypting your traffic via a personal VPN connection service.
This is a part of the application that is responsible for the scanning and detection of phishing sites. This component uses some set of rules to verify the authenticity of a URL in the user's inbox.
Construction of Phishing Site. In the first step attacker identifies the target as a well-known organization.
The fraudulent e-mail comes from "Your e-Services Team" and bears the subject line "Security Awareness for Tax Professionals." It has both an IRS logo and an e-Services logo that hyperlinks to a verified phishing site that poses as an e-Services registration page.
Bing's malware and phishing site warnings have been expanded to offer more information on the type of threat from the identified malware sites.
Exploiting the high consumer demand for shipping services, attacks present customers with a malicious programme download or phishing site in which to enter their confidential data.
For this study, any site domain whose age is below 3 months is regarded as a phishing site otherwise it is a legitimate one.
In Fuzzy data mining method, Maher Aburrous [4] uses a combination of data mining algorithms and fuzzy systems, in order to evaluate the risk of online banks that are exposed to phishing websites and through feature extraction detects the phishing site. In this method, a number of data mining classification techniques are used such as JRip, PART, Prism, and C4.5.
If users accidentally type in their password into a phishing site, they will see a pop-up asking them to change their password.
The blacklist based method constructs a blacklist of collected phishing site URLs.
If we treat every phishing site on a particular server as a different attack, whatever the time delay, then we observe a recompromise rate of 20% after 5 weeks, rising to 30% after 24 weeks.