Identity theft victimizes millions of people each year and costs businesses billions of dollars. Internet-based identity theft is a type of Internet fraud that is increasingly viewed as a significant threat to consumers and businesses. Two inter-related methods of carrying out this Internet fraud are called “phishing” and “spoofing.”
Phishing is a term coined by hackers who generate e-mails that imitate legitimate e-mails from businesses or other organizations to entice people to share personal information, such as passwords, credit-card numbers, account information, etc. Phishing involves the distribution of fraudulent e-mail messages with return addresses, links, and branding that appear to come from banks, insurance agencies, or other legitimate businesses. Victims typically receive an e-mail telling them they must supply some personal information to the sender via return e-mail or using a web link.
Spoofing, as the term is applied to the web, refers generally to the practice of setting-up an illegitimate website that is designed to appear like a legitimate and reputable website. Such illegitimate websites typically present on-line forms for entering personal information, which is then stored and used by the operator of the illegitimate website for nefarious purposes.
The information gathering success of spoofing alone depends on web surfers randomly, often accidentally, browsing to the spoofing site, thus, effectiveness for the hacker is limited. However, when spoofing is combined with phishing, so that e-mails from the illegitimate website operator contain links to the illegitimate website, the spoofing gathers much more information for the hacker, since there is a mechanism to direct consumers to the illegitimate website in greater numbers. The illegitimate website in such a case can be referred to as a “phishing-related” website. Such websites often contain links to legitimate websites of the business being spoofed. In many cases, the phishing-related website directs the victim to the legitimate main website of the business being spoofed in order to further enhance the illusion of legitimacy.