The word Phishing is a contraction of the words « Password », « Harvesting » and « Fishing ». Fraudsters phish in order to gain confidential data from unsuspecting Internet users. This may, for example, be access data for e-mail accounts, online auctioneers (e.g. eBay) or for Internet banking. The fraudsters take advantage of their victim's good faith and helpfulness by sending them e-mails with false sender addresses. The e-mails tell the victims, for example, that their account details and access data (e.g. username and password) are no longer secure or up-to-date and they need to be changed at the link provided in the e-mail. The link, however, does not lead to the genuine page of the respective service provider (e.g. the bank) but the fraudster's apparently identical web page.
Effects and risks
- With the data thus obtained, a fraudster can perform bank transactions using the victimised Internet user's name to place offers at an online auction.
- With stolen e-mail login data, fraudsters get full access to the e-mail account. The attackers are able to exctract and analyse all data and for example send fraudulent and counterfeit e-mails to contacts in the address book in the name of the victim.