I have chosen to explain the term phishing as it is often used in the computer security field. This concept weighs heavily on the study and eventual work that I will find myself involved in. As an information technology student with a vast interest in computer security, I find it appropriate to explain this terminology and describe it fully, in a bid to shed more light on the concept and derive a deeper understanding of it. Having a deeper understanding of phishing will surely translate to better management of security issues in the information and communication technology field.
Many scholars have come up with definitions of the term phishing as used in computer security. Below is an example of a definition coined by Wesley Owen (2008).
“The act of falsely sending information to someone in a user friendly manner claiming to be an established legitimate enterprise, with the intention of trying to lure the recipient into revealing his/her information that can be used for identity theft”
In most cases, the information is sent by email, which can direct a user to visit a phony web page. Most of the web pages to which users are redirected require them to provide or update personal information. In the process, scammers can steal the personal data and then use it. Phishing therefore involves emulating the identity of some enterprise in order to lure the intended recipients, in most cases clients of the legitimate enterprise. According to Wesley (2006), phishing is also referred to as brand spoofing or carding. In his explanation, there is a slight variation between phishing and fishing. Bait is thrown with the hope that one will be tempted into biting. Of course, some will ignore it, but others will fall for it.
With the proliferation of technology and the advancement of online marketing and presence, phishing has become one of the major threats to information security. The unsuspecting public is lured by communication purporting to be from genuine websites or establishments. The definition of phishing was clearly described in detail in the year 1987; however, the first documented use of the term was in 1996. The basic similarity between phishing and phreaking is the use of bait to lure unsuspecting users. In recent times, the term spear phishing has been used to refer to phishing attacks that are directed at a particular target. Whereas that term is used for directed phishing, another term, ‘whaling’, is used to refer to phishing attacks that are directed at high-profile targets such as company executives and other senior business and organizational managers. Both terms are sub-branches of phishing and therefore refer to the use of bait against a specific target.
Phishing methods include the use of link manipulation. In this sense, a URL may be manipulated to look as if it is a legitimate business link. An example of such a URL would be http://www.legitimatebusinessname.Fakename.com. On clicking the link, the user will think that he/she is being led to the ‘legitimatebusinessname’ website, when in fact he/she is led to the ‘Fakename’ website.
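The link manipulation described above can be checked mechanically: the site a browser actually contacts is decided by the registrable domain at the right-hand end of the hostname, not by any brand name placed to its left. The following Python sketch is an added example, not part of the original essay; the brand allow-list, the short suffix set and the sample URLs are constructed assumptions, and a real deployment would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: constructed allow-list mapping a brand label to its real domain.
KNOWN_BRANDS = {"legitimatebusinessname": "legitimatebusinessname.com"}

# Simplification: a few multi-label public suffixes stand in for the
# full Public Suffix List that production code should consult.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the part of the hostname its owner registered (suffix + one label)."""
    labels = host.split(".")
    if len(labels) < 2:
        return host
    two = ".".join(labels[-2:])
    keep = 3 if two in MULTI_LABEL_SUFFIXES and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def check_link(url):
    """Classify a URL as 'legitimate', 'brand-in-subdomain' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    if reg and reg in KNOWN_BRANDS.values():
        return "legitimate"
    # Labels left of the registrable domain are chosen freely by whoever
    # owns that domain, so a brand name there proves nothing.
    sub_labels = host[: len(host) - len(reg)].strip(".").split(".")
    for brand in KNOWN_BRANDS:
        if any(brand in label for label in sub_labels):
            return "brand-in-subdomain"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; the first is the essay's own example URL.
    for link in (
        "http://www.legitimatebusinessname.Fakename.com",
        "http://www.legitimatebusinessname.com/login",
        "http://legitimatebusinessname.fakename.co.uk/update",
    ):
        print(f"{check_link(link):20} {link}")
```
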
Markus, J., & Myers, S. (2006). Phishing and Countermeasures: Understanding the increasing problem of electronic identity theft. New York: Wiley.
Wesley, O. (2008). Examining the effectiveness and techniques of the anti-phishing technology in leading Web browsers and security toolbars. Boston: ProQuest.