Phish, or phishing, is a rapidly growing form of fraud that seeks to fool Web
users into divulging private information by mimicking a legitimate Web site.
In a typical scenario, unsuspecting users get an urgent sounding (and authentic
looking) email telling them there is a problem with their account that they must immediately
fix
to avoid account termination. The email will include a URL to a Web site that looks
exactly like
the real thing. It is simple to copy a legitimate email and a legitimate Web site
but then change
the so-called backend, which receives the collected data.
The email tells the user to log on to the site and confirm some account
information. A hacker receives data a user provides, such as a logon name, password,
credit card
number, or social security number.
Phish fraud is fast, cheap, and easy to perpetuate. It is also potentially quite
lucrative for those criminals who practice it. Phish is hard for even computer-savvy
users to
detect. And it is hard for law enforcement to track down. Worse, it is almost impossible
to
prosecute.
Please report to Trend Micro any Web site you
suspect to be a phishing site. See Sending suspicious content to Trend Micro for more information.