The term Phishing refers to the criminal practice of attempting to collect valuable information from the target using forged emails and web sites. The ultimate goal is to identify and ideally to acquire the customer’s passwords, credit card numbers and other sensitive information. Anything that potentially compromises the customer’s business interests can be termed “Phishing”. Therefore, a valid quick guide to this practice would be “Phish”.
Phishing is nothing new. Knowledge of both words and events HDD traces back to the Middle Ages when the Mediceans used mystical techniques like “gnosis” to decode the messages intercepted from the sea. During the Napoleonic Wars, the opposing forces used a resemblance to a familiar enemy force in order to mislead the pro-Turkish forces. After World War II, allied forces using the newly discovered technique of “G radented Computing” (running machines without any permanent connection to the internet) were able to gain significant speed-up advances. These machines were connected via a large number of small connections which were fast enough to evade the detection of major Beverloo networks.
The fundamental driving force behind the development of cloud computing was the need to centralized business processes and information. The internet was good for certain things, but it was not suitable for everything. Excluding some content from being accessed by requesting that it not be accessed, nor requiring that new accounts be made with passwords that could not be divulged until after the user logged on, the internet was not suitable for storing and distributing sensitive information.
The arising threats from the internet prompted research and development in systems and methods that would reduce the chances of information being compromised. Certified information security professionals are able to identify any potential security threats and the vulnerabilities associated with a system or application.
The access to this information is restricted and only those authorized people will have access to the information. There are a number of services that allow users to bypass controls and connect to a network from anywhere in the world. However, those services and computers must have the ability to encrypt data or exercise strong authentication requirements to be reliable against unauthorized access.
The result of this wedge between secure and illicit information is the proliferation of sophisticated phishing techniques. While retail and financial institutions saw a large number of phishing attacks that stole financial information, testing small businesses, and inviting infection by malicious software, smaller e-commerce sites that process credit card payments saw attacks that focused on thelniates.
The growth of cloud computing and the convergence of computers and networks has created a device that can be used to deliver software, data, and applications to end users and an environment that can be used to attack computers.
The most recent phishing attacks have focused on gaming websites, with many reports claiming that members of organized crime made a financial gain through selling digital products stolen from game sites.
It is claimed that unless users educate themselves about phishing and how to spot fraudulent emails and websites, attacks will continue to rise.
Social engineering attacks can be transmitted through computer memory, although unauthorized access is possible as well through USB thumb drives and CD/DVD writers.
Measures must be taken to educate users about phishing and how to spot fraudulent emails to reduce the risk of financial loss.
