In United States, phishing is becoming one of the fastest evolving classes of identity theft scams on the Internet, causing both short-term losses and long-term economic damage. In a phishing scam, the identity thief poses as a legitimate person from a reputable company to try to entice people to visit bogus Web sites, where they are asked to reveal important personal information, such as credit card data. Although most phishing attacks target the financial industry, a growing number of phishing incidents target other sectors, such as retailers, online game operators and Internet Service Providers.
In 2003 and 2004, several financial institutions like the Bank of America, Bank One, Citizens Bank, U.S. Bank, SunTrust, MBNA, Wells Fargo and Visa were the victims of phishing attacks. Today, national banks are not the only targets of phishing. Many of the phishing attacks in United States now target regional banks and credit unions. A total of 42 local banks across 23 states in United States were spoofed in phishing attacks between June and September 2006
What is "Phishing"?
Phishing is a form of activity in which phishers try to obtain personal information, such as credit card details, consumer e-mail passwords or bank account passwords by pretending to originate from a reliable and valid source. Phishing is used by identity thieves by using a variety of entrapping methods to ferret out the personal information of innocent Internet users.
When an e-mail is received which appears to come from a consumer's bank and asks to log in onto the consumer"s banking account to keep the account active, it is known as technically- engineered phishing. These attempts to gain a consumer's personal and confidential information are known as phishing attacks.
What is Spear Phishing?
Spear phishing is a method in which e-mails appearing to be authentic are sent to all employees or members of a particular company, government agency, organization or group. The message will look as though it is coming from an employer or from a colleague of that company who has sent the e-mail to obtain login information. Spear phishing scams endeavor to procure access to a company's whole computer system.
What is Vishing?
Obtaining credit card information illegally, using VoIP (Voice over Internet Protocol) phone calls is known as vishing. Vishers benefit from the inexpensive anonymous Internet calling available through VoIP services, which also permit the offender to use simple software programs to set up a professional- sounding automatic customer service line. Furthermore, unlike most phishing attacks, which purport to be from a genuine organization, would not normally use e-mail to ask for personal information from accountholders, vishing, in fact, imitates an emblematic bank protocol in which banks encourage clients to call and confirm information.
Phishing activity is rising rapidly in United States. One reason is that there is a high rate of broadband Internet usage in the United States. This provides a fertile ground for botnet-hijacked computers. Many of the phishing attacks are hosted in a compromised computer that is a part of a botnet. Typically, in the United States, phishers prefer to begin their attacks in the morning so that victims will receive the e-mail, when they first check their inbox. Another rationale for this tactic is that if an attack is hosted in the U.S and is launched in the early hours of the morning within a U.S time zone, it is not easy to reach the Internet Service Provider.
Over the past six months, Internet users in the United States have received numerous e-mail attacks The financial services sector continues to remain the most common targeted industry sector for phishing attacks. Generally, an ordinary phishing attack can cost a financial institution $50 and $60 per account negotiated, or a total of approximately $50,000 for each attack. Phishing poses a serious threat, since the methods of attack are continuously evolving and because phishers are often difficult to track and apprehend.