Phishing

Definition according to Phishing Exposed (Will change this when others are recommended):

Phishing, also known as carding or brand spoofing, has many definitions; we want to be very careful how we define the term, since it is constantly evolving. Instead of a static definition, let’s look at the primitive phishing methods and see the practice’s active evolution and possible future processes. For now, we’ll define the primitive approach as the act of sending a forged e-mail to a recipient, falsely mimicking a legitimate establishment in an attempt to scam the recipient into divulging private information such as credit card numbers or bank account passwords. The e-mail, in most cases, will tell the user to visit a Web site to fill in the private information. To gain your trust, this Web site is designed to look like the site of the establishment the scammer is impersonating. Of course, the site isn’t really the site of the legitimate organization, and it will then proceed to steal your private information for monetary gain. Thus the word phishing is obviously a variation of the word fishing in that these scammers set out “hooks” in hopes that they will get a few “bites” from their victims.

Phishing has actually been around for over 10 years, starting with America Online (AOL) back in 1995. There were programs that automated the process of phishing for accounts and credit card information. Back then phishing wasn’t used as much in e-mail compared to Internet Relay Chat (IRC) or the messaging alert system that AOL used. The phishers would imitate an AOL administrator and tell the victim that there was a billing problem and they needed them to renew their credit card and login information. Back then, because personal computers in the home combined with Internet usage were a fairly new experience, this method proved quite effective but was not observed with as much population as phishing is today. The sudden onslaught of phishing against financial institutions was first reported in July 2003. The targets were primarily E-loan, E-gold, Wells Fargo, and Citibank. The most remarkable twist about the phishing phenomenon is that it introduced a new class of attack vectors that was overlooked in almost every financial institution’s security budget: the human element. All the expensive firewalls, SSL certificates, IPS rules, and patch management could not stop the exploitation of online trust that not only compromises confidential user information but has had a major impact on consumer confidence regarding telecommunications between an establishment and its clients.

Charter for Mal-Aware.org & Phishing:
Real-time risk mitigation is the key to preventing and detecting phishing attacks. Instead of the typical takedowns that are employed, the goal of the Malicious Activity Awareness & Response organization is to assist in investigations that lead to stolen data recovery and apprehension of phishing groups. With the use of technical savvy, well-connected information sharing networks, and law enforcement organizations around the world, this goal is not unreasonable.