Phishing, vishing, phaxing and other identity threats: The evolution of online fraud
Fraudsters don't just want your bank account information. With an increasing risk from phishing, vishing and phaxing tricks, could you recognize a spoofed website, designed to commit identity theft, damage a company's reputation or incur legal liability? The growth in online shopping and banking has been matched by increasingly widespread risk. Phishing emails that point recipients to a bogus (or "spoofed") website that looks like the real thing have become more and more insidious. Their aim is to trick users into divulging their usernames, passwords and other confidential information that the perpetrators can then use to commit all kinds of crime based on identity fraud.
More than just Citibank, eBay and PayPal
Perpetrators are looking for more than just bank account information. Originally targeted at wellknown financial institutions, phishing now has a more diverse range of victims. Institutions like Citibank, eBay and PayPal have been joined by a host of social networking and gambling websites. The risk to business and other organizations is clear: stolen information can seriously undermine an organization's online reputation, bringing considerable risk to its operations and potentially resulting in legal liability.
Be aware of new tricks like vishing and phaxing
The difficulties lie both in recognizing these spoofed websites, most of which are almost impossible to distinguish from genuine ones, and in keeping up with the latest tricks. As computer users become more savvy about phished URLs, cybercriminals have come up with more tricks. In "vishing", or voice phishing, scammers use VoIP to build bogus switchboard systems, mimicking those of online organizations. They then spam out emails claiming to come from those companies, but rather than including a link to a bogus website, they instead provide a phone number. Similarly, “phaxing” emails tell the recipient to fax back a form with banking and other details. The prevalence of phishing and email fraud has made people wary of giving out personal information online. Mistakenly, we trust fax and phone numbers because we don't think fraudsters will bother with the effort and cost needed to set them up.
This article was provided by Sophos and is published here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware protection.