From Higher Computing Science
Revision as of 11:35, 14 August 2015 by Ronnier (Talk | contribs) (Avoiding phishing attacks)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This article is unfinished. Please consider joining and adding to this article. Read about Page layout beforehand.

Key points

  • Phishing is a technique used to gain access to personal information by using fake emails, web sites or messages to fool a user into providing identifying information. It is an example of social engineering (fooling a person into acting in a particular way by controlling a situation).


Example of a phishing email

Phishing is a common form of Internet fraud. It is carried out by providing an interface or information that looks familiar, which is used to send data to a third party.

Phishing relies on users' inability to notice that the message or website is not coming from a reliable source. This may be difficult, as phishing techniques can use advanced techniques to fool the user, even making themselves accessible at the correct domain name.

The basic idea behind a phishing website is to collect information using an HTML form. The web form will ask for information that act as credentials for a website like a bank, or email account. The input to the form will be passed to a server-side script that will email or store the data for the criminal to read. As long as the website looks legitimate, many users will not hesitate to provide the details.

Avoiding phishing attacks

Simple rules can be applied to avoid phishing attacks:

  • Do not respond to calls, emails or web pages asking for personal details when you have not requested a password change or support.
  • Use a spam filter on email - this will remove many previously detected phishing attacks.
  • Know your source - check the address of the website. If it seems suspicious, report it.
  • Check security - is the site secured using SSL encryption? If so, read the digital certificate carefully to see if the site is legitimate.
  • Check the spelling in the message. It is common for Phishing emails to contain grammar and spelling errors.


Further information

Test yourself

Teaching resources