Jan 12 2004
Term of the week
The Word Spy website has a pretty good description of the word “phishing”.
phishing
(FISH.ing) pp. Creating a replica of an existing Web page to fool a user into submitting personal, financial, or password data. -adj. -phisher n.
This term seems to be getting a lot of use lately, especially considering a bug recently found in the way Internet Explorer renders HTML addresses. There is an error in IE’s URL parsing. The vulnerability allows a malicious spammer to send an email with authentic-looking URLs and phish for information.
There are a number of ways to filter for this vulnerability at the edge of your corporate network, but it is more often going to be the at-home users who receive and respond to this. Try educating your users on what phishing is and about hoax email in general. If you get 50% of them to retain the knowledge, consider yourself lucky. It’s to our advantage to reduce the number of home users who are taken advantage of; it cuts down on the malicious traffic headed our way.
Right now, there is a specific example of what I’m talking about. I’ve heard of it so far as the ‘CitiBank phishing email’. Here are a couple more links to information concerning phishing.
- Anti-Phishing.org
- FTC Consumer Alert “How Not to Get Hooked by a ‘Phishing’ Scam”
- Business Week “Phishing Is Foul on the Net”
- “Fighting Fishing” at PCMag
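The edge filtering mentioned above could start from a link check like the following. This is an added example, not code from the original post: the function names, the finding labels and the sample message are assumptions made for illustration, and because the post does not describe the mechanics of the IE bug, the checks are generic heuristics for links in HTML mail (a user-info part or control characters in the address, or visible text naming a different host than the real destination).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Raw or percent-encoded control characters (0x00-0x1F, 0x7F).
CONTROL = re.compile(r"%[01][0-9a-fA-F]|%7[fF]|[\x00-\x1f\x7f]")
HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def link_findings(href, text=""):
    """Return reasons a link looks deceptive; an empty list means none found."""
    try:
        parts = urlsplit(href.strip())
        real_host = (parts.hostname or "").lower()
    except ValueError:
        return ["unparseable-url"]
    if parts.scheme not in ("http", "https"):
        return []
    shown = HOSTLIKE.search(text)  # host name the reader sees, if any
    shown_host = shown.group(0).lower() if shown else ""
    mismatch = bool(shown_host and real_host and real_host != shown_host
                    and not real_host.endswith("." + shown_host))
    checks = [("userinfo-in-authority", "@" in parts.netloc),
              ("control-char-in-authority", bool(CONTROL.search(parts.netloc))),
              ("text-host-mismatch", mismatch)]
    return [name for name, hit in checks if hit]

class _Anchors(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scan_html(body):  # suspicious href -> findings, for one HTML mail body
    parser = _Anchors()
    parser.feed(body)
    parser.close()
    return {h: f for h, t in parser.links if (f := link_findings(h, t))}

# Constructed sample (reserved example names and addresses), not a real message.
SAMPLE = ('<a href="http://www.bank.example%01@192.0.2.10/verify">www.bank.example</a> '
          '<a href="https://www.bank.example/help">help pages</a>')
```

A mail gateway would call `scan_html` on each HTML body part and quarantine or tag messages with any findings; the host comparison is deliberately strict and will need an allow-list for legitimate redirectors.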