What is Phishing attacks?
Phishing is the act of sending an email to a user falsely claiming to be a legitimate company in an attempt to scam the user into surrendering private information that will be used for identity theft. The email takes the user to a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate company already has. The website, however, is a fraud and set up only to steal the user's information. For example, 2004 saw the proliferation of a phishing scam in which users received emails supposedly from Mastercard claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the contact information and credit card information from their Mastercard. Because it is relatively simple to make a website look like a legitimate organizations site by copying the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by Mastercard and were subsequently going to Mastercard's site to update their account information. By spamming large groups of people, the "phisher" counted on the email being read by a percentage of people who actually had a Mastercard.
Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting. To read more, click here.