Impersonating the business through email and websites
Phishing is the common name given to a prolific scam in which a fraudster or scam artist sends an email purporting to be from a financial institution or other organization. The message claims that due to “security concerns”, “too many attempted log-ins”, an urgent need to “comply with anti-terrorist financing provisions under the USA Patriot Act”, or other such reasons, the recipient must confirm their personal and account information immediately to avoid some negative consequence, such as imminent account closure. In other cases, the email may be positioned as an order confirmation, designed to prompt the recipient to confirm shipping and billing details.
The emails look and sound official, and often contain graphics stolen from the company or organization from which the message claims to originate.
Cyber criminals typically send out thousands of these phishing emails at once, knowing that some percentage of unsuspecting recipients will “take the bait”.
Criminals also routinely use deceptive websites to commit their fraud schemes and lure in unsuspecting victims. Whether through an intentionally similar website name, or through brand hijacking (the blatant copying and misuse of company logos and website content), thieves can impersonate a business' online presence and deceive unsuspecting visitors who believe they are visiting the real organization's website.
Phishing scams in action...
The Anti-Phishing Working Group's "APWG Phishing Activity Trends Report" stated that in the first 6 months of 2011 the group received 140,331 reports of new and unique phishing scams, an average of over 23,388 new phishing scams per month. The group also detected 195,901 new and unique phishing websites during the same time period.