How Does Phishing Work?
So how exactly does 'phishing' work?
At its core, it is actually very simple, though the technology required by a fraudster can be quite complex.
Emails will be sent in bulk. You and I know them as spam. In amongst the spam will be a message from a bank or finance firm of some sort. The title of the message will be similar to: XYZ Bank Details Confirmation Message.
The fraudster is actually betting on the fact that if he sends a few million emails, a small percentage of recipients will actually hold an account with XYZ Bank. Of that small percentage, some but not all will actually open the email message. Of those who open the email message, some will not trust it, but others, a very small percentage of the whole, will actually do as the email requests.
The phishing email will provide a link for the recipient to click on. The link will take the user to a web page which has been established specifically to look identical to the bank's own website. However, the tell-tale giveaway will be an odd and obscure-looking URL and NOT the actual domain name of the bank in question.
The webpage will request that the user type in their access details and passwords for 'confirmation'. Once this has happened, the webpage will change and a 'Thank You' page will be displayed explaining how useful this is to the bank.
The reality is that behind the webpage, all details being entered are stored and fraudsters can then access the account online and transfer money out of your account and into their own.
This all sounds very simple and you might be wondering just how people fall victim to it. Trust me, they do. In their thousands!
Of course, it isn't actually that simple. The webpage and email address will be real but hosted and operated from some faraway jurisdiction in an anonymous name. The bank account will also be established under fraudulent conditions. This takes time and effort. This also makes it hard for the police or other authorities to trace and therefore prosecute.