
Group member: Francis Kho Jiun Yil

: Kong Siew Ting


• Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. This is similar to fishing, where the fisherman puts a bait at the hook, thus pretending to be a genuine food for fish. But the hook inside it takes the complete fish out of the lake. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
• Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.
• Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
• A phishing technique was described in detail in [year illegible], and the first recorded use of the term "phishing" was made in [year illegible]. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.
• The damage caused by phishing ranges from denial of access to email to substantial financial loss. It is estimated that between May 2004 and May 2003, approximately 12 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims.
• In 2007, phishing attacks escalated. 36 million adults lost US$32 billion in the 12 months ending in August 2007. Microsoft claims these estimates are grossly exaggerated and puts the annual phishing loss in the US at US$60 million.
• In the United Kingdom, losses from web banking fraud, mostly from phishing, almost doubled to GB£232m in 2003 from GB£122m in 2004, while 1 in 20 computer users claimed to have lost out to phishing in 2003.
• The stance adopted by the UK banking body APACS is that customers must also take sensible precautions so that they are not vulnerable to the criminal.
• Similarly, when the first spate of phishing attacks hit the Irish Republic's banking sector in September 2006, the Bank of Ireland initially refused to cover losses suffered by its customers (and it still insists that its policy is not to do so), although losses to the tune of €11300 were made good.
• Phishing on AOL was closely associated with the warez community that exchanged pirated software and the hacking scene that perpetrated credit card fraud and other online crimes. After AOL brought in measures in late [year illegible] to prevent using fake, algorithmically generated credit card numbers to open accounts, AOL crackers resorted to phishing for legitimate accounts and exploiting AOL.
• A phisher might pose as an AOL staff member and send an instant message to a potential victim, asking him to reveal his password. In order to lure the victim into giving up sensitive information, the message might include imperatives like "verify your account" or "confirm billing information".
• Once the victim had revealed the password, the attacker could access and use the victim's account for fraudulent purposes or spamming. Both phishing and warezing on AOL generally required custom-written programs, such as AOHell. Phishing became so prevalent on AOL that they added a line on all instant messages stating: "no one working at AOL will ask for your password or billing information", though even this didn't prevent some people from giving away their passwords and personal information if they read and believed the IM first.
• A user using both an AIM account and an AOL account from an ISP simultaneously could phish AOL members with relative impunity, as internet AIM accounts could be used by non-AOL internet members and could not be actioned (i.e., reported to the AOL TOS department for disciplinary action).
• Eventually, AOL's policy enforcement with respect to phishing and warez became stricter and forced pirated software off AOL servers. AOL simultaneously developed a system to promptly deactivate accounts involved in phishing, often before the victims could respond. The shutting down of the warez scene on AOL caused most phishers to leave the service.
