Phishers lure unsuspecting visitors to fake Web sites that look like those of legitimate organisations. The aim is to persuade people to give their passwords and credit-card information, which the thief can then exploit. Among the firms to be targeted in this year’s wave of attacks was PayPal; authentic-looking e-mails were sent out asking people to update their details at a Web site that seemed convincing. More recently other financial institutions have been hit. As people are getting wise to the Web-site scam, phishing expeditions are now being conducted by virus attacks, in which message boxes pop up asking people for private information, which is then sent by e-mail to the attacker; often the virus also grabs the contents of the person’s address book as a source for further attacks. The term has been known in the hacker culture since about 1996, as an obvious respelling of fishing, but it has only hit the headlines in the mainstream press since about July this year.
An eBay spokeswoman said the company is focusing on its ongoing effort to educate customers to be suspicious of any e-mail messages that ask for personal information. The company posted warnings yesterday on its community message boards, security center and help area about phishing scams.
Newsday, 18 Nov. 2003
Most phishing scams have been delivered by massive spam blasts, but viruses have become the latest mechanisms because of their ability to spread far and wide.
The Toronto Star, 15 Nov. 2003