Working Principle of Phishing Scams

This type of scam is one of the most common on the internet. Scammers most often target big financial institutions and sites such as Citibank, PayPal and eBay. The sole purpose of phishing scams is to trick you into submitting sensitive personal information such as credit card or social security numbers, bank accounts or passwords. Protecting your digital identity is crucial since you can end up financing terrorism or committing virtual crimes without even knowing.

As we said earlier, it is your personal information that the villains are trying to steal and we must say that they are really creative. But most often they do the following:

• First of all they choose an institution’s website where you will have to submit your credit card number or bank account. That is why criminals pick PayPal, Citibank or any other bank or financial institution.
• Then they thoroughly investigate the website, download banners and text. They study the navigation structure, text fonts and general back-end functionality.
• After that the villains create a website that looks almost the same as the original. But the information that users input will never reach he institution’s data base.
• Next the scammers send emails to random people which appears like a formal request from the targeted institution – they contain logos and signatures. There are three main types of fake emails:
• The first type is emails that trick users into clicking on a link that will open their browser and direct them into the phony website. After that users are presented with a from where their personal information like credit card number, bank account, home address, phone or zip code is required. Victims can also be asked to join with their username and password. As you can figure out by now, none of the information will ever reach the institution’s data base.
• The second type is emails that contain an embedded form where users are instructed to enter login or account details. Then victims should return the email to the sender.
• The third type is emails that entice users to install a Trojan on their systems. There is a variety of ways to do this: victims might be asked to download the attached file, or they might infest their computer just by clicking and visiting the website linked with the email. The Trojan can then be used by the scammers to collect valuable data from the infected system.

Criminals can easily obtain an enormous mailing list for free. When they sent bogus emails, a lot of users won’t even be customers of the targeted institution. Villains sent thousands of emails to random users, hoping to fool a small number of then. Scammers count on users that have registered in the targeted institution and on users that don’t expect such kind of fraud. Since the profit is significant only a small number of victims will work.

Want to read more on the subject?