This is a story of a phishing attempt I was confronted with. A story about how to detect it and what you can do about it. And a story about how ignorant the media and sites like Paypal are.
What is phishing
'Phishing' occurs more and more today, but what is phishing? Don't mix it up with 'fishing' (which you can do on an early morning at a lake or on an ocean). Phishing also has nothing to do with that bizarre fetish. Muhahahah. Sorry.
Phishing is (and I quote):
searchsecurity.techtarget.com said: Phishing is e-mail fraud where the perpetrator sends out legitimate-looking e-mails that appear to come from well known and trustworthy Web sites in an attempt to gather personal and financial information from the recipient
Or in more straightforward English:
Bad guys want to rip you off by faking a site and hoping that you enter valuable information, like credit card numbers or passwords.
Example of phishing
A few days ago I received the mail below, which is an example of such a phishing attempt, where a Paypal site is faked. At first I didn't notice that it was a phishing attempt and I almost submitted my name and password.
This is the mail I received:
The things that tipped me off that this was a phishing attempt were:
The typo "You're Billing Information". You Are Billing Information??? Nice English. It's a mistake often made by people whose primary language is not English.
The links in the E-mail point to IP-addresses instead of domain names. However, you only notice this when you hover over the links. In the mail itself they appear as legitimate Paypal URLs.
Warning: don't type your account information on the site below!!!
The copyright info on the sites was outdated (2003 instead of 2005).
What can you do against phishing
The phishing attempt above is a pretty good one. 'They' (that is, the bad guys) even included the text blocks 'Protect your account information' and 'Protect your password'. Nice touch.
My Razor (Bayesian-based) spam filter didn't stop the E-mail. My challenge-response anti-spam measures did not stop the mail either, because the sender (Paypal.com) is on my whitelist.
So what CAN you do? Well. Not much I guess. I was lucky to see it was a phishing attempt. I reported the incident to PayPal, but I got no response. I submitted the attempt to several news sites (among others www.Slashdot.org), hoping they would run a small article about it. But nothing. There should be some kind of early-warning system for this kind of mail.
The phishing sites in the mail are currently offline, but days too late. I guess quite a substantial number of people have submitted their account/password combinations and their balance on PayPal is now probably something around zero.