GC: n
CT: Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may install malware on the user’s device or direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details. Phishing is a homophone of fishing, which involves using lures to catch fish.
Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses. Although some phishing emails are poorly written and clearly fake, sophisticated cybercriminals employ the techniques of professional marketers to identify the most effective types of messages – the phishing “hooks” that get the highest “open” or click through rate and the Facebook posts that generate the most likes. Phishing campaigns are often built around the year’s major events, holidays and anniversaries, or take advantage of breaking news stories, both true and fictitious.
To make phishing messages look like they are genuinely from a well-known company, they include logos and other identifying information taken directly from that company’s website. The malicious links within the body of the message are designed to make it appear that they go to the spoofed organization. The use of subdomains and misspelled URLs (typosquatting) are common tricks, as is homograph spoofing – URLs created using different logical characters to read exactly like a trusted domain. Some phishing scams use JavaScript to place a picture of a legitimate URL over a browser’s address bar. The URL revealed by hovering over an embedded link can also be changed by using JavaScript.
S: http://searchsecurity.techtarget.com/definition/phishing (last access: 9 July 2016)
N: 1. In the cyber scam sense, by 2000 (some sources cite usage from 1995); alteration of fishing (n.); perhaps by influence of phreak and the U.S. rock band Phish, which had been performing since 1983.
2. Phishing, act of sending e-mail that purports to be from a reputable source, such as the recipient’s bank or credit card provider, and that seeks to acquire personal or financial information. The name derives from the idea of “fishing” for information.
3. In phishing, typically a fraudulent e-mail message is used to direct a potential victim to a World Wide Web site that mimics the appearance of a familiar bank or e-commerce site. The person is then asked to “update” or “confirm” their accounts, thereby unwittingly disclosing confidential information such as their Social Security number or a credit card number.
4. Sometimes it’s said the term “phishing” stands for “password harvesting fishing.” Most likely that acronym was coined retroactively … As for the “ph,” that’s a common hacker replacement for “f,” and a nod to the original form of hacking, known as “phreaking.”
S: 1. OED – http://www.etymonline.com/index.php?term=phishing&allowed_in_frame= (last access: 9 July 2016). 2 & 3. EncBrit – https://global.britannica.com/technology/phishing (last access: 9 July 2016). 4. TERMIUM PLUS (last access: 9 July 2016).
SYN:
S:
CR: computer science, malware.