What Is Phishing?
Welcome to What Is Phishing. On these pages, I will explain in a basic, non-technical way what phishing is, how it happens and how to avoid falling into the phisher's trap. I will try to keep my explanations as simple as possible in order to advise people who are new to the internet and computers, because if you have ended up here by searching for what is phishing, then you may fall into that category. If you want information on the various other types of internet fraud to be aware of, please visit my other websites at www.idtheft.co.uk and www.scam-info-links.info
First and foremost, banks, financial institutions, eBay, PayPal and other legitimate businesses will never ask for your account login details via emails sent to you. If you've received an email claiming to be from your bank, eBay, PayPal etc., and it's asking you to confirm your account details and password, either by replying to the email with the details or by entering your details on a webpage via a link given to you in the email, you can be 100% sure that it is a phishing scam email.
OK, let's start with the basics. Out there in the midst of the internet, there are people who want your personal details, your banking details and your credit card details. In fact, they want to know everything about you. Having your online or offline banking information is big money to them, as is having your personal details, with which they can steal your identity to purchase goods in your name. Victims of identity theft suffer for years after it has happened. They can't get mortgages and they can't get credit, all because people have used their identity to run up large bills in their name. Untangling the theft of an identity can take a long time, and a lot of it is caused by phishing emails.
So there you are browsing the internet, and you decide to see if you've received any emails. You log in to your email account and are happy to find you have mail, but you are not sure who the sender is. When viewing emails, most regular computer users will see an email from an unknown sender and simply delete it. But there is another problem: what do you do if you see an email from someone you know at work, or even a relative? Of course, you are going to open the email, read it, and possibly download the attachment sent by your work colleague or relative. I mean, who wouldn't? After all, it's a person known to you and they wouldn't send you anything malicious by email, would they? Wrong.
This is where you might make your first mistake. You should never assume that the person who sent you the email is really your friend from work or your relative! For all you know, their email account could have been phished or hacked, and is now being used by a phisher to send out phishing emails. Alternatively, a phisher could simply be spoofing the email, that is to say, they forge the email to make it appear as if it was sent from an email address known to you, when in fact it was simply spoofed to fool you into opening it in the belief it was from someone you know.
When sending email, the most common ploys by phishers are either to send an attachment with the email for you to click and open, or to place a fake link in the email for you to click on. A common variation of phishing email is one that is supposedly from your bank or PayPal. With these, the phisher wants your bank or PayPal login details. The subject of the email and the contents of it are often something along the lines of, "urgent attention, we have recorded suspicious activity on your account, please login to your account and verify you are the account owner". Many people fall for this trick and find all the money cleaned out of their accounts.
You will find a link in the email which takes you to your bank or PayPal login page, or to another security validation page where you have to input various details, such as your name, address, phone number, social security number, password etc. The problem is, you are not actually on your bank's or PayPal's website. You are on a page that is often identical to your bank's or PayPal's, and the only difference is that once you type in all of your information and click the submit button, those details are in the hands of the phisher.
When dealing with online banks, PayPal, or for that matter any other website you regularly use, never trust any email that gives you links to their site. ALWAYS go directly to the site by typing the known website address into your browser. As an example, this is the sort of link you might see in a phishing email: it might say something like, click here to login to your PayPal account, or it might say, www.paypal.com. Neither of those links will take you to PayPal; they will simply open a new window with this site in it.
When reading your emails, hover your cursor over the links in the email. As an example, try it on the links I posted above. Whilst the cursor is over the link, look at the status bar at the bottom of the screen; depending on what browser you are using or how you have it set up, the status bar might be at the top or bottom of the page. What you'll see is that when your cursor moves over the link, the URL (website address) of the link will appear in the status bar. As you can see, when you hover over either of the PayPal links, it actually says www.whatisphishing.co.uk. With phishing emails it's just the same: even though the link might say www.paypal.com, like it does in my example link above, the link will take you somewhere else so they can steal your details. It might not even be a web address; it could simply be an IP address and letters in the form of http://123.45.678.90/sldndyg/fdgng/login. So obviously, if you see anything like that, you can be 100% certain that it is not the real website you intended to be at if you clicked the link.
Another very common ploy is the sending of attachments by phishers. The attachments can have any number of different names in order to entice you to open them: it might be called e-card from an admirer, or your bank statement, or message from mum etc. If you click to open the attachment, you now have serious problems. In these attachments are things like trojans containing keyloggers. These are often not picked up by virus scanners installed on computers, so they deploy themselves on to your computer. The keylogger then copies everything you type and sends it back to the phishers: every password you use for your email accounts, PayPal accounts, eBay accounts and bank accounts, everything, including anything personal you write in emails. It is all sent back to the phisher.
Something I have not mentioned yet is self-downloading malicious software. In the case where you click a phishing link in an email, simply clicking it to open the webpage is all you need to do in order for the malicious script on the webpage to load itself on to your computer. Many of the fake bank or PayPal phishing pages have scripts in them that do this. Again, these are keyloggers that record every single thing that you type on your computer.
Whilst a lot of malicious software is not detected, a lot of it is. But in order for your anti-virus or anti-spyware to work correctly, you need to make sure that they are updated on a regular basis; without updated anti-virus database definitions, your scanners are worthless. I have mine set to automatically update every day as soon as I turn the computer on. A lot of people either just don't bother setting up automatic updates, or they don't know how to. It is quite simple to set up no matter which anti-virus system you are using, and it is worth those few minutes of setting up just to give you that extra layer of security.