Phishing, Smishing & Vishing

From software to hardware, breakthrough to disaster, it all belongs here!

Moderator: CricketMX Forum Moderators

Posts: 18999
Joined: Mon Jan 12, 2004 8:07 am

Phishing, Smishing & Vishing... makes you vish life wasn't quite so complicated!! :wink:

Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, bank or retail establishment. E-mails can be sent to people on selected lists or on any list, expecting that some percentage of recipients will actually have an account with the real organization.

E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid Web site. Any HTML page on the Web can be copied and modified to suit the phishing scheme.

Anyone Can Phish
A "phishing kit" is a set of software tools that help the novice phisher imitate a target Web site and make mass mailings. It may even include lists of e-mail addresses. How thoughtful of people to create these kits. In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at See pharming, vishing and smishing.

The "Spear" Phishing Variant
Spear phishing is more targeted and personal. The e-mail supposedly comes from someone in the organization everyone knows such as the head of human resources. It could also come from someone not known by name, but with a title of authority such as a LAN administrator. Once one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources. ... 176,00.asp

(SMS phISHING) The mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cellphone with some ploy to click on a link. The link causes a Trojan to be installed in the phone. ... 623,00.asp

(Voice phISHING) Also called "VoIP phishing," it is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's credit card number. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number.

In either case, because people are used to entering credit card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed, and the entire operation can be brought up and taken down in a short time, compared to a real telephone line. ... 067,00.asp
~~~In the year 2040...I'll have 100,000 posts!!~~~