Phishing

These days I am starting to feel unloved, ignored and just generally shunned. Why? Well, I haven’t been subjected to a Phishing attack for several days now; I must be out of favour.

Phishing, for those who don’t know, is when you are encouraged to divulge sensitive information to a third party who is fraudulently masquerading as a trustworthy person or organisation through an apparently official electronic communication such as an email or instant message. To see a fuller explanation, click here.

My experience of Phishing has shown that there is a great difference in sophistication between attacks. The usual one will be an email cobbled together with little more skill than I could bring to the task, i.e. an official-looking logo and a corporate-looking email address (though quite often subtly misspelled). This won’t work, though, as it will purport to be from a financial institution I have never heard of (such as Sun bank of Florida), or one that I have never had any dealings with.

The classier attacks, such as one where the Phisher was masquerading as Lloyds TSB, will actually make you think that there could be something in this, especially as increasingly they appear to be security alerts, warning you of the dangers of fraudulent emails.

Phishing, in Internet terms, is not that recent a phenomenon. In fact, this year will mark a decade since the first recorded attacks on AOL users. Why there hasn’t been a parade I just don’t know; an oversight, obviously.

Currently, it is generally easy to see when you’re being Phished: the communication will not look quite like how you’d imagine the finished article to appear. A spelling mistake here, a misplaced logo there. We will congratulate ourselves on our intelligence in avoiding the trap, but some people still fall for it all the same.

Phishing techniques will doubtless become more sophisticated over time; let’s hope that our ability to spot the fake increases at the same or a faster rate.