Fraudulent and deceitful activity has existed since the inception of crime itself, and as society has advanced, so too have the methods used to carry out fraudulent activities. Relatively recently, the internet and electronic mail, known more commonly as “email” or “e-mail,” have become staples of the public at large. Fraudulent and deceitful activities have evolved to meet this new niche. An example of one such activity is phishing. At its most basic, phishing is the process of attempting to acquire sensitive user information, such as user names, passwords, or credit card details by masquerading as a trustworthy entity in an electronic communication.
Phishing has become a growing public concern, and unfortunately, the act can take a variety of forms and methods. In one example, a “phisher” can contact an internet user through an email soliciting personal or financial information. The contact email can often resemble a communication from a well-known entity with whom the user has a pre-existing relationship. The fake email can solicit the user to either directly enter sensitive information in a reply email or in some instances to follow a link to a fake website where sensitive information would be requested. This fake website often mirrors the website of the well-known entity the phisher is attempting to resemble. In one example, the soliciting email would appear to be from the user's bank or any other entity with whom the user has an account.
The solicitation itself can be very convincing. Often, the fake email will persuade the user to relay personal information by pretending to be an entity that the user trusts, as previously described. The email will often seek to verify a user's information or fix a purported problem with their account. If the user believes that the email is legitimate and responds to the email, the phisher will essentially be handed whatever information the user can give. Any information the phisher obtains from an unsuspecting user can be used, but most often the phisher will seek social security numbers, checking or deposit account numbers, PIN numbers, passwords, credit card numbers, or any other related piece of information tied to the user.
The emails sent by phishers often appear to be completely legitimate. As a result, it is difficult for individuals to protect themselves from phishers and phishing websites. Corporations, on the other hand, have the resources, including time, money, and man-power, to combat these fraudulent techniques. With the right tools, a corporation could better protect itself and its customers from fraudulent internet based attacks, such as phishing schemes.