Phishing, Vishing, Pharming, or Spoofing???
Terms abound for the schemes criminals use to defraud, the following are the most common.
Phishing involves using a communication medium (typically e-mail) to illegally masquerade as a financial institution or well-recognized financial entity to trick consumers or industry employees into releasing personal or confidential information by way of the Internet. These attacks often direct the victim to a fraudulent web page that appears identical to the institutionís valid site. Upon entering personal information such as account numbers, PINs, or passwords, the attacker then has the information required to perform identity theft and commit fraud.
Vishing, or voice phishing, uses the same elements of phishing, but employs the telephone system rather than the Internet. Instead of directing a consumer to a fraudulent web site, vishers establish fraudulent phone numbers and use equipment that can interpret and store telephone keystrokes. Like a phish, an attack can be initiated by sending blast e-mails to many individuals in the hopes of receiving a small number of responses.
A pharmer redirects a consumer from a legitimate commercial web site he or she had intended to visit to a criminal one. The bogus site, to which the victim is redirected without his or her knowledge or consent, will likely look the same as a genuine site. But when a user enters his or her login name and password, the information is captured by the criminal.
Web spoofing happens when a scam artist creates a copy of a web site on the Internet. This copy looks the same as the real site, but is used in spoofing attacks to confuse and mislead the web siteís visitors; however, the scam artist controls the false web site to gain access to the following information:
- User identification logons
- User passwords
- Personal information
- Internet usage habits