Phishing for new ways to attack

Till recently, sending virus /worm laden emails was the prevalent mode of attacking for malicious people. The extent and the targets of the attacks was limited to mainly the corporates and very rarely targetted towards the individual users. The malicious intent was mainly to bring down the corporate networks and prevent access to the website and make the corporation suffer losses.

Because the corporations are becoming increasingly security conscious and wary of attacks, now the attackers have shifted their attention to individual users by this new technique of attack. The phenomenon is called as "PHISHING" (see http://www.antiphishing.org for more information). It refers to creating (spoofing) fraudulent websites and email address very similar to actual corporations in look and feel and content as well and then send emails to individual users that ask them to enter some personal information like credit card numbers, PIN, account name and passwords etc for verification purposes. This information is then stolen and can be used to carry out financial and identity theft. There are reported cases where an individual has been ripped off his all savings.

Although this uses cyber technology to carry out the acts, but these are no different than common theives and burglars and should be prosecuted accordingly. However, the task is much more complex due to the fact that the attacker may be sitting in some remote country (as has happened) where the country where the victim lives may not have any jurisdiction.

So what can we as individuals do. Here's some tips to avoid be hooked to a phishing line (http://www.computerworld.com/managementtopics/management/story/0,10801,95461,00.html?nas=EB-95461). There is also a very good survey that helps in improving our understanding of the whole issue (http://survey.computerworld.com/surveys/research/phishing_survey.htm)

The onus is on us as the consumers not to take the bait and inform the organisations of any suspicious activities.