State of Alaska, Department of Administration, Enterprise Technology Services


Cyber Awareness Bulletin

The following cyber awareness bulletin was issued by the State of Alaska. The information may or may not be applicable to the general public and accordingly, the State does not warrant its use for any specific purposes.

Phishing

Phishing involves the distribution of 'spoofed' e-mail messages with return addresses, links, and branding that appear to come from banks, insurance agencies, retailers, credit card companies, and other legitimate businesses.

Phishing is a variation on the word fishing: fishers (and phishers) set out hooks, knowing that although most of their prey won't take the bait, they just might entice some to bite.

These fraudulent messages are designed to trick recipients into disclosing personal information and authentication data such as account usernames, passwords, credit card numbers, social security numbers, and home addresses. Most of these e-mails look "official," and as a result, recipients often respond to them, resulting in financial losses, identity theft, and other fraudulent activity.

1422 unique phishing scams were discovered in the month of June 2004 alone.

- Anti-Phishing Working Group

Phishers use various social engineering and spoofing techniques to try to trick their victims. Recently, a 17-year-old sent out messages that appeared to be from America Online. This fraudulent e-mail stated there had been a billing problem with recipients' AOL accounts. The fraudulent e-mail used AOL logos and contained legitimate links.

If recipients clicked on the "AOL Billing Center" link, they were redirected to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords.

The Federal Trade Commission (FTC) warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the Web site of the company to find out whether the request is legitimate. If you suspect you have been phished, forward the e-mail to uce@ftc.gov or call the FTC help line, 1-877-FTC-HELP.


For more information, and to find archived phishing frauds, please visit http://www.antiphishing.org/ or http://www.consumer.gov/idtheft.

Also see: Know Your Enemy: Phishing