What Are the Most Used Phishing Schemes and Techniques
In its recently published report on the status of worldwide phishing activities, the distinguished security vendor Symantec has reported that there are five main phishing techniques used by different groups.
Automated ToolKits: Automated toolkits are available in the underground economy that allow even a novice phishing scammer to start his own phishing activities. These attacks, targeted towards the information services sector, help attackers collect personal data to leverage for further spamming activities. 63% of the phishing activities are reported to be performed through this technique.
Typosquatting: Also called URL hijacking, this is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter. Only 1% of the phishing activities are reported to be performed through this technique.
Free Web-hosting services: For phishers, usage of free Web-hosting services has been the easiest form of phishing in terms of cost and technical skills required to develop fake sites. 6% of the phishing activities are reported to be performed through this technique.
IP addresses Domain: Phishers today use IP addresses as part of the hostname instead of a domain name. This is a tactic used to hide the actual fake domain name that otherwise can be easily noticed. Also, many banks use IP addresses in their Web site URLs. 2% of the phishing activities are reported to be performed through this technique.
Other Unique Domains: The remaining 28% of the phishing activities are reported to be performed through this technique.
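From a defender's side, several of these categories can be told apart from the URL alone. The sketch below is an added example, not code from the Symantec report: it sorts a reported URL into the IP-address, free web-hosting, typosquatting and other-domain buckets described above (toolkit use cannot be seen from a URL). The protected domain, the free-hosting provider, the distance threshold of 2 and the sample URLs are all constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not taken from the report).
PROTECTED = {"examplebank.com"}      # domains the defender wants to protect
FREE_HOSTS = {"freehost.example"}    # hypothetical free web-hosting provider

def edit_distance(a, b):
    """Edit distance that counts an adjacent swap as one edit (a common typo)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)   # transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host):
    # Simplification: keep the last two labels. Real code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def classify(url):
    """Map a URL to one of the hosting categories listed above."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)             # IP literal used as the hostname
        return "ip-address"
    except ValueError:
        pass
    domain = registrable(host)
    if domain in PROTECTED:
        return "legitimate"
    if domain in FREE_HOSTS:                   # brand name may appear as a subdomain
        return "free-web-hosting"
    if any(edit_distance(domain, p) <= 2 for p in PROTECTED):
        return "typosquatting"
    return "other-unique-domain"

SAMPLES = [                                    # constructed URLs
    "http://192.0.2.10/examplebank.com/login",
    "http://exmaplebank.com/login",
    "http://examplebank.com.freehost.example/",
    "https://www.examplebank.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):20} {u}")
```

The classification keys on the registrable domain rather than the full hostname, so a brand name placed in a subdomain or in the path does not make a URL look legitimate.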
Fine, but... what exactly is phishing?
And just in case you are looking for a technically correct definition of phishing, here is what Wiki says:
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
The report is an interesting read. You can find it here (pdf).