The rapid increase in the number of users of electronic mail and the low cost of distributing electronic messages via the Internet and other electronic communications networks have made marketing and communications with existing customers via e-mail an attractive advertising medium. Consequently, in addition to communications that are warranted by consumers, e-mail is now frequently used as the medium for unsolicited communication and marketing broadcasts of messages to e-mail addresses, commonly known as “Spam”. “Phishing”, which may include e-mail identity fraud and brand impersonation, is the newest form of harmful Spam attack that threatens the integrity of companies doing business online. Fraudulent Phishing e-mail messages may be considered to be, for example, messages that appear to be sent from a legitimate company's website or domain address, but in fact are not. In reality, spammers or other parties are hijacking the company's brand to attract the attention of customers, often to gain personal information.
Lately, financial institutions as well as other companies that have a trusted relationship with their customers have been attacked by Phishing. For the sake of example, and without limiting the generality of the phenomena, if a bank is attacked by Phishing, individuals may receive an e-mail which is allegedly sent by the bank, and are persuaded into supplying private or valuable identifying personal data online under several pretences, for example (without limitation) so that the bank can register them to a new service, or to protect against unauthorized charges.
The damage to the bank, or any other company whose identity is faked, is significant. Phishing can injure valuable corporate brand equity, ruin customer trust, increase operational costs through growing customer complaints, and present additional risks and problems. The bank or other attacked company may have to publish a general warning to its customers, and sometimes even cancel or block people's accounts.
Phishing may involve, but is not limited to, for example: (1) The originators of “Phishing” e-mails attempt to make the distributed e-mail seem to be coming from a legitimate source. In order to achieve that goal, the Phishing e-mail may be disguised as a legitimate e-mail, and include elements and characteristics of a legitimate organization, such as (without limitation) logo, domain names, brands and colors; (2) In order for the Phishing to be advantageous for its originators, the originators of “Phishing” need to somehow divert information that the trusting consumers submit in response to the seemingly legitimate e-mail. Such information might be diverted via, for example, a link to a separate web page that requires the individual to input valuable private information, or via telephone, if the e-mail directs the recipient to call a certain telephone number (following which the recipient's valuable information might be collected over the phone). Such illegitimate links or contact telephone numbers may be referred to as “illegitimate contact pointers”.
The implication of the above characteristics of Phishing is that Phishing e-mails typically include a mixture of both legitimate and illegitimate contact pointers (such as links to other web pages or telephone numbers). Legitimate contact pointers would point to web pages or telephone numbers that belong to legitimate e-mail senders. Illegitimate contact pointers would point to web pages or telephone numbers that belong to the parties committing fraud.
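The mixture of contact pointers described above can be checked mechanically. The following is an added illustration, not part of the original text or of any method it describes: it extracts links and telephone numbers from a message body and compares them against an assumed allowlist for a hypothetical organization (`examplebank.test`, the phone numbers, and the sample message are all constructed).

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist for a hypothetical organization (constructed values).
LEGIT_DOMAINS = {"examplebank.test"}
LEGIT_PHONES = {"18005550100"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")

def host_is_legit(host):
    """True only if host is an allowlisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def extract_pointers(body):
    """Return (kind, value, is_legit) for every link and phone number found."""
    pointers = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL: treat as not legitimate
            host = None
        pointers.append(("url", url, host_is_legit(host)))
    text = URL_RE.sub(" ", body)  # keep digits inside URLs out of phone matching
    for raw in PHONE_RE.findall(text):
        digits = re.sub(r"\D", "", raw)
        pointers.append(("phone", digits, digits in LEGIT_PHONES))
    return pointers

def classify(body):
    """'mixed' means legitimate and illegitimate pointers appear together."""
    flags = [ok for _, _, ok in extract_pointers(body)]
    if not flags:
        return "no-pointers"
    if all(flags):
        return "all-legitimate"
    if not any(flags):
        return "all-illegitimate"
    return "mixed"

# Constructed sample message, not taken from a real campaign.
SAMPLE = """Dear customer, see our privacy policy at https://www.examplebank.test/privacy
To avoid unauthorized charges, confirm your details at
http://examplebank.test.login.example.invalid/verify or call +1 (800) 555-0199."""

if __name__ == "__main__":
    for pointer in extract_pointers(SAMPLE):
        print(pointer)
    print(classify(SAMPLE))
```

The second link in the sample begins with the legitimate domain name but resolves under a different registrable domain, which is why the comparison is made on the parsed hostname suffix rather than on a substring of the URL.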