Tuesday, October 6, 2009

What is Phishing?

Phishing is the criminally deceitful attempt to acquire sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity in an electronic communication. Communications claiming to be from popular social web sites, auction sites, IT administrators, or online payment processors are commonly used to lure the unsuspecting public. It is typically carried out by email or instant messaging and often directs users to enter details at a fake website whose look and feel are similar to the original one. Even when server authentication is used, it takes tremendous skill on the part of the user to tell whether a website is authentic or fake. Phishing exploits the vulnerabilities of current web security technologies.

User training, legislation, public awareness, and technical security measures are all used to deal with the growing number of reported phishing incidents. A phishing technique was first described in detail in 1987, and the first recorded use of the word “phishing” was in 1996. The term is a variant of fishing, possibly influenced by phreaking, and possibly refers to the “baits” used to catch financial information and passwords.