
From the December 2008 Scientific American Magazine

How to Foil "Phishing" Scams (Preview)

Understanding the human factors that make people vulnerable to online criminals can improve both security training and technology

By Lorrie Faith Cranor   

 


Chad Baker (computer) and Riko Pictures (hooks), Getty Images


Key Concepts

  • A form of online crime that lures people into giving up personal or corporate information, phishing is a growing security threat that already costs victims billions of dollars every year.
  • Because phishing exploits human vulnerabilities, studying the factors that make people fall for phishing scams can improve antiphishing training and technology.
  • The combined efforts of law enforcement, computer security experts and computer users are needed to reduce the success of phishing.

Over just a few weeks, I received e-mail messages from several banks warning me that my online banking services were in danger of being deactivated, from eBay telling me that I needed to change my password, from Apple complaining that I had unpaid bills for music downloads, from an airline offering me the opportunity to earn a quick $50 for filling out a survey and from the Red Cross asking me to contribute money to help earthquake victims in China. These messages were all very convincing and looked authentic. Except for the eBay message, however, they were all fraudulent e-mails known as “phish.”

Phish e-mails are constructed by con artists to look like legitimate communications, often from familiar and reputable companies, and usually ask victims to take urgent action to avoid a consequence or receive a reward. The desired response typically involves logging in to a Web site or calling a phone number to provide personal information. Sometimes victims need only click on links or open e-mail attachments for their computers to become infected by malicious software—known as malware—that allows phishers to retrieve the data they want or take control of the victim’s computer to launch future attacks. Although the details of phishing scams can vary, the result is usually the same: thousands of unsuspecting victims give information to criminals who then use it to break in to their accounts and steal their money or identities, or both.


© 1996-2009 Scientific American Inc. All Rights Reserved. Reproduction in whole or in part without permission is prohibited.