Skip Navigation

What is Phishing?

You may have heard of the latest online threat to Internet users' personal security, an advanced hack known as "phishing." Phishing is a specific type of identity theft that can occur only on the Internet. You will respond to an innocent legitimate looking email, log in to your bank's website, and suddenly the phishers have your bank account number, credit card number, PIN, and any other information you entered in the website. This growing threat is taking its toll on the Internet community; according to the Anti-Phishing Working Group, there were 1,518 active phishing sites reported in November 2004 alone.

Methods of Phishing

Phishing scams come in several forms, but they all share the same basic traits; a legitimate looking email asking you to renew your bank account information or some other personal data. The most common phishing scam is an email that appears to be from a bank stating that you need to verify your bank account information. It will ask you to click on a legitimate looking link in the email. The actual link is to the phishing site, however.

Phishing sites use several different methods to make their site look like the real site. The actual images and text on the page will look nearly identical to the legitimate site. Sometimes the site will try to "spoof" the address bar, hiding the phishing URL with the bank's actual URL, so it looks like you're visiting a real site. The real devious phishing sites will use the login information you entered to log you in to the actual bank's website, so you have no clue you were scammed.

Another method used by phishers is an HTML form embedded in the email. In this method, the legitimate looking email includes a form right in the email to input your important information. This method is particularly dangerous, as an HTML form in an email can do any number of things, including automatically sending all the data entered to a phishing site or email address owned by phishers.

One other trick utilized by phishers is using pop-up windows to give the appearance of legitimacy. The actual bank's website will be opened in the background and the phishing site will be opened as a popup window. The pop-up looks like it's part of the legitimate site and it usually does not include an address bar, so it doesn't have to spoof the URL.

Some spyware programs will install a corrupt "Hosts" file. The corrupt hosts file will cause certain websites entered in the address bar to redirect to other sites. Thus you will enter your bank's website in the address bar, but your browser will be redirected to the phishing site without you even knowing about it.

Spyware Detection Stats

  • Spyware Fingerprints: 91,859
  • Detections: 6,717,481
  • Detections this Month: 2,828

Spyware Search


Recommended

Keep your computer safe. Automatically keeps up-to-date to protect from the latest threats.

Most recent threats

DollarRevenue
05/06 | 18:37
AntiVirProtect
05/06 | 17:35
VirusHeat
05/06 | 17:33
Recommended
SpyCatcher™

SpyCatcher: anti-spyware software Get rid of even the most powerful spyware using SpyCatcher's cutting-edge technology.

More Information about SpyCatcher
SpyCatcher Enterprise ™

SpyCatcher Enterprise is the first and only anti-spyware solution that proactively protects enterprise computers from next-generation spyware.

More Information about SpyCatcher
request to remove software from our spyware database