"Important email for Jill Smith: Chase Bank has noticed suspicious activity on your account. Please login using the link below to confirm this activity." "EBay user: Your request to have your email address changed is completed. If you did not request this change, please login using the link below to report fraudulent account activity." "Hi, my name is Jill Smith from Chase Bank. We have noticed some strange activity on your credit card. Could you please confirm some information? Please provide your full credit card number and the last three digits on the back of your card, near your signature, for verification purposes."
If one receives emails or hears a phone conversation similar to this, a phishing scam is taking place. Phishing, also referred to as brand spoofing, is a type of scheme that uses fraudulent e-mail and web pages to gather personal, financial, and sensitive information for the purpose of identity theft (CIBC, 2005).
Receiving suspicious emails, which include a link, is a form of phishing. Criminals develop a website that looks very similar to the official business website (CIBC, 2005). Exhibit 1 shows what to look for when receiving suspicious emails. When a customer enters data using the link, criminals receive user identification and passwords. Phishing, fraud, and identity theft problems are facing customers today mostly because of Web-based banking, also known as electronic banking. In order to control privacy of personal information and guarantee accurate and quality information on the Web, management develops standards in website security while continually evaluating and monitoring the security of customer information.
In the article "Phishers zero in on e-banking," Paul Roberts (EWeek 2005), discussed an increase in malicious programs designed to record computer activity. These programs attempt to screen scrape, a technique in which a computer program extracts data...