Talk:Phishing/Archive 1

Be aware of how it works.
Be aware of how it works.

Here’s what to look for: Here’s what you should do:
 * An email is sent that looks like it came from a site you do business with.
 * The email requests that you provide or confirm personal information, login credentials or account numbers.
 * Never send personal info, your password or account numbers in an email.
 * When clicking on a link, be sure you end up on a secure site.

I thought it would be appropriate to structure the above into the main body of the discussion page. I hope this doesn't upset anyone.TheGrandMaster1 12:27, 25 September 2006 (UTC)

SecurityFocus cite
On 01 Nov 2004, this article was cited in a SecurityFocus article on phishing. Securiger 06:50, 8 Nov 2004 (UTC)

The list of phishing URL types added on 9th Feb was pinched from my page (whose URL is in the body of the email). I'm happy to make it available under the GNU FDL for Wikipedia, but the contributor should have asked. - Gerv (gerv at gerv.net)
 * Gerv, sorry about that! If your read this please accept out grateful thanks that you have gave us permission to use them under the GFDL! What is the link to this info? - Ta bu shi da yu 02:15, 4 Mar 2005 (UTC)
 * The link Gerv (a.k.a. Gervase Markham of the Mozilla Foundation) was talking about is here. ral315 05:35, Mar 9, 2005 (UTC)

Quote from Washington Times

 * Phishing, which stems from the word fishing, is the act of sending an e-mail to an Internet user in an attempt to get private information that could be used for identity theft, fraud or both. The e-mail, pretending to be from a legitimate business or bank, normally directs the user to a bogus Web site, where they are asked to update such sensitive personal information as passwords, bank account and credit card numbers.

Can we incorporate or re-word this definition? -- Uncle Ed (talk) 14:13, Apr 19, 2005 (UTC)

Another Peer Review
I want to get this article to reach FA status. Does anyone have any comments to make before I nominate it again?- ZeWrestler  Talk 12:31, 26 July 2005 (UTC)


 * OK, please consider all of this constructive criticism, I've been reading WP for a while, but only recently signed up as a user, and my edits have been limited to very minor changes. That said . . .  A lot of the "Early Phishing on AOL" section seems speculative.  I can see where the basic information came from (the greenarmor.com link), but the information about the close connection to the warez scene, and particularly the line about young teens growing up and getting jobs to pay for an ISP seems speculative.


 * The section that follows is entitled "Additional Attack Methods" -- additional to what? The first sentence says "besides URL spoofing", but URL spoofing has not previously been mentioned or described.  The style of that section then quickly switches to tutorial (i.e. "hover your mouse over this link . . . ").  That link is probably not self-explanatory to the average reader, either.  I believe it would be better to include actual URL and an explanation of why it does not do what the average reader might expect.  The "IDN spoofing issue" is mentioned, again without prior reference.


 * The eBay example is not self-evident, as the link underlying "click here" is not visible. The other two examples refer to using images to fool anti-phishing software, but again, there has been no prior mention of anti-phishing software. LarryMac 14:13, 5 August 2005 (UTC)
 * The ebay example I am planning on replacing with a better example from paypal. So that will be fixed soon.  Your critism is welcomed.  I will try to fix the article based on what you said, but if you can go ahead and improve anything yourself, by all means go ahead and do it. Also, feel free to participate in the peer review.  The link to it is on the top of the talk page. -- ZeWrestler   Talk 14:37, 5 August 2005 (UTC)

I don't have a wikipedia account, but I'd like to offer this small correction: "Johanson, Eric" cited at the references below... I've changed my legal name to "Johanson, 3ric". Please consider updating it. Refernce: http://3ricj.livejournal.com/5004.html  I've also finally gotten http://www.xn--pypal-4ve.com/ back online. Thanks!

Too many external links
I'm starting to think that this is a linking board. Does anyone else think this page has too many external links? -- ZeWrestler  Talk 00:22, 28 July 2005 (UTC)
 * Agree, I would remove the links to gishpuppy.com (their short bit on phishing adds nothing to article), http://www.geocities.com/phishingmemo (not bad but too juvenile), and move many others to this talk page. I've also added a merge|Phishing request to Anti-phishing after removing links that were duplicated from here. -Wikibob | Talk 23:31, 2005 August 2 (UTC)
 * Oh I couldn't agree more here. Some links don't need to be there.  One obvious was the webopedia which was a dictionary link.  Another one I question is the Sharecube link. --Paul Laudanski 05:09, 3 August 2005 (UTC)
 * I've removed gishpuppy, the geocities page and the sharecube links. Are there any more that you guys see that should be removed?  -- ZeWrestler   Talk 12:49, 3 August 2005 (UTC)
 * I'll have to give it another look a bit later.--Paul Laudanski 13:43, 3 August 2005 (UTC)
 * The software links are a nice addition but will likely change over time and so would be better off, as someone said, in here (the talk page)?? Not sure how we do these things exactly.  But I agree that the links are a bit heavy.  Do any of the anti-phishing subheading links have a lot of these software links already?  If so, then they definitely are not needed. --Exmachina 16:39, 3 August 2005 (UTC)
 * Mike Podanoffsky. In my humble opinion, there section needs some text, maybe not links, to a solutions page. The solutions, or lack thereof, should be non-product specific. Granted, I am in this space with ShareCube, but there is more to an entry in Wiki than just here is the problem. Many believe that SSL or some other technology solves the problem. I am interested in your opinions on solutions and solution text. Thanks.

Copyleft violation
Content literally lifted without attribution on a link farm site: http://www.fraudwatchernetwork.com/website/phishing.html JavaWoman 04:17, 2 August 2005 (UTC)
 * Hey. I see what you mean about a copy violation.  I decided to do some digging and here is something i noticed about the article you pointed out and a change a made during the last peer review. .  If you look at the compared version of in the link i just provided and the link you gave, you'll see that the paragraph's match after i made a copy edit.  Not previously to that.  If the older version matched the link you provided I would have said otherwise. But after i made a few random changes from what the text originally was, the newer text matches that of what was supposedly copied, I am inclined to say that whoever created the article in the link you provided copied off of wikipedia.  I have seen this happen before with other articles.  May you look into finding a date when the article you gave was created/copyrighted, because I have a feeling that it was created after this article was written. -- ZeWrestler   Talk 12:23, 2 August 2005 (UTC)

Examples Section
I am wondering if we really need all three phishing examples? The last two are, as you say, practically the same so that maybe just keeping the 3rd example would be sufficient between those two (esp since the text with this one is more informative). It just seems like they take up so much room as it stands now. Maybe they could be made smaller also/instead? -- Exmachina 16:44, 3 August 2005 (UTC)

Userfriendly image (stay or go)
The following is an part of the convo from Featured article candidates/Phishing/archive1.

+++++++++++++ +++++++++++++
 * Not sure if the User-Friendly FAQ entry helps much, though--it appears to allow non-commercial use only, which violates the GFDL. Might want to either justify fair use or yank the strip (it doesn't seem essential to the article, esp. considering the large number of other excellent illustrations). Best wishes, Meelar (talk) 15:58, August 24, 2005 (UTC)
 * The user friendly copytag is not listed under GFDL. It is listed under Free licenses. GFDL does not apply to this image.  Copyright for the image applys to this site, because the image is being used for educational purposes, as specified on the FAQ above.  If the image becomes too much of an issue, i'll remove it from the article, but personally, I would preferr to keep it in. I believe it adds a nice touch to the article. -- ZeWrestler   Talk 17:07, 24 August 2005 (UTC)
 * The User Friendly image isn't compatible with Wikipedia, unfortunately. He says he's fine with re-use, "as long as no money changes hands"--this essentially prevents commercial sites from mirroring this image. Non-commercial-use-only images aren't acceptable. I personally would pull the image. But with or without it, this is a very feature-worthy article. Best, Meelar (talk) 17:37, August 24, 2005 (UTC)

I figured the best thing to do is let the people who read this article decide on what should happen with the image. Should it stay or should it go? -- ZeWrestler  Talk 17:52, 24 August 2005 (UTC)

Okay, my view:


 * image doesn't add to the article - which is the critical point
 * would you get that image in a paper encylopedia?
 * will anyone who hasn't seen Userfriendly understand it?
 * Userfriendly *just isn't funny*

-82.33.52.78 23:30, 30 August 2005 (UTC)


 * Please be aware that as a noncommercial image uploaded after May 19, 2005, the image may be deleted at any time. --Tabor 23:33, 31 October 2005 (UTC)

Changes by 68.193.245.80
Look out for this IP, 68.193.245.80 - it appears to be Joseph Steinberg, who has been pushing his GreenArmor solution, and placing sites which link to his URLs in the links section of phishing and pharming. The sites often rehash old Wikipedia content, such as his own site at phishing-pharming.com (registered to him).

Joseph - you're quite welcome to edit the content, but this isn't your personal advertising board.

Oh, and I've had fun making changes to this article - my first big series of edits - and I hope you all can work with them to improve the article further. -82.33.52.78 13:26, 28 August 2005 (UTC)
 * Like i've said before, you should register with the site. That way we know who did all of the work.  You've been a big help to this article.  So it'd be great to have a user-name to associate with for thanking you.-- ZeWrestler   Talk 14:26, 29 August 2005 (UTC)
 * Reverted changes by him. I looked through what he did, you were correct.  it was all link spam. -- ZeWrestler   Talk 14:26, 29 August 2005 (UTC)

Katrina Phishing
CNN Article about phishing]

Hurricane Katrina has really generated a lot of phishing scams. Thought i'd share it with people here. -- ZeWrestler  Talk 16:16, 9 September 2005 (UTC)

Phishing example
Should something be done about the example image? I don't know if identifying a particular bank is a good idea...

Maybe the image should be degraded with a visible "EXAMPLE" watermark to prevent trivial re-transmission by wannabe phishers. It's one thing to give a low-quality example, but to provide the original image verbatim might be a bit questionable.

--203.45.114.193 00:32, 23 October 2005 (UTC)

BANK OF AMERICA SCAM
I just got sent this email.. Anyone whos seen the example on the main page would recognize the style of it

Feel free to add this as an example in relation to this topic

Take notice to the fact that the email address is from: service@bankofmerica.com

The URL is fake as well. It takes you to: http://www.___.de/templates/update/update.htm

Which is a template based off the BOA style sheet and asks you to fill in all your relevant banking information

Including your pin and all your personal information.

If u take all the folders off the url and go to the root at: http://www.___.de/ It takes you to deutch forum page.

I have notified BOA about this issue and they are looking into it now

But beware of things like this.



Sincerely,

William Hamilton aka o0paradox0o

'I removed those for URL, since this was settled complete meanwhile. I had a quantity annoyance therefore. Obviously my ftp account for these actions was abused.' 129.35.231.16 11:36, 19 January 2006 (UTC)

o0paradox0o@gmail.com --O0paradox0o 15:20, 8 November 2005 (UTC)

Image talk

 * This discussion was originally at WP:FAC, but was then moved to WP:FAR and has now been moved here because the issue, the lack of an image, has been solved thanks to User:Andrew Levine.

A tough article to find an appropriate picture for, but it's been requested for the main page. &rarr;Raul654 02:17, 31 October 2005 (UTC)
 * I uploaded Image:Phish.jpg, but I'm not sure if it's quite the right thing (I prefer that images don't have significant text in them). I've seen a few illustrations with something simple like a fish hook with large @ glyph dangling from it. If someone with image composition skills feels motivated, perhaps a free version of such an image could be created. --Tabor 23:12, 31 October 2005 (UTC)
 * BTW, how did it get to FA status with an image using the deprecated noncommercial license? --Tabor 23:25, 31 October 2005 (UTC)
 * I like Image:Phish.jpg; the text isn't too important to the image and it still gets the point across at thumbnail size. Creating our own flashy image rather than using one from a real anti-phishing government public information campaign might just be a little hokey and unencyclopedic.--Pharos 23:01, 5 November 2005 (UTC)
 * I personally don't think that an image created by some of our editors would be unencyclopedic. Depending on whats created, i think something better could be created by one of our own editors. I've put in 2 requests with some members of WikiProject Illustration to see if they'll create anything. -- ZeWrestler   Talk 15:56, 7 November 2005 (UTC)


 * Very strong support --  A dam1213   Talk +  09:25, 5 November 2005 (UTC)
 * You do realize this is not a vote? Read the section title. -- Rune Welsh | &tau;&alpha;&lambda;&kappa; | Esperanza  19:14, 5 November 2005 (UTC)
 * I personally think that if someone created an image of a person holding a fishing rod, that has a pc on the end instead of a hook, that would be a better picture for the article. -- ZeWrestler  Talk 15:38, 7 November 2005 (UTC)
 * I just had an idea that might make a good image. Take an '@' symbol and attach a fishing hook to it.  So it would look something like this.  What do you guys think about that? -- ZeWrestler   Talk 22:45, 12 November 2005 (UTC)
 * I'd suggest this image and this image if we can get permission from their creators or someone here can recreate them. My favorite is the first one. -- PRueda29 Ptalk29 03:22, 13 November 2005 (UTC)
 * Probally better to recreate one of them. The second link wasn't working for me. I do like the first one though. -- ZeWrestler  Talk 07:47, 13 November 2005 (UTC)
 * I had removed this conversation thinking that Image:Phishing chart.png had satisfied this problem, since it's PD and fairly simple and important to the topic. ZeWrestler contacted me on my talk page to object, so I am reinstating it for further review.  FTR, I do not support the proposed symbol (@ on a fishing rod) as being too uninformative for the reader. It would just look like an image for the sake of having an image. Tuf-Kat 06:25, 28 November 2005 (UTC)
 * I have hopefully fixed the problem by creating a public domain image for the article. It's similar to the old image that was at the top of the page, but with a different wording and a fictional bank's logo (though the image's info page makes it clear that "a real phishing attempt would claim to be from an actual bank the customer belongs to"). Tell me what you think. Andrew Levine 04:44, 3 December 2005 (UTC)
 * Looks great! Thanks a lot! Tuf-Kat 07:12, 3 December 2005 (UTC)
 * Agreed. I like it -- ZeWrestler  Talk 15:06, 3 December 2005 (UTC)

Figure incorrect for UK damages
The figure for UK damages from phishing listed in Section 3: Damage caused by phishing is incorrect. The figure quoted in The Register article relates to total card fraud in the UK in 2004 as found by Apacs. The original article this figure came from can be found here http://www.apacs.org.uk/downloads/cardfraudthefacts05.pdf

The figure relating to phishing damages in the UK is actually £12 million (found in the above document).

Fake porn sites
I remember reading in PC Answers once that at one time the most common form of Internet fraud consisted of bogus pornographic websites which asked for credit card details, supposedly as proof of age. Does anyone here know more about this? GCarty 15:40, 13 December 2005 (UTC)

One-time password phishing
the following was taken out of the article. Rather than lose it to the archeives, i've put it here. For a debate weather it should be used or not.

The Register [reported in October 2005] about a new type of phishing directed against one-time passwords. F-Secure explains that the online banking customers were given a scratch sheet, which contains a certain number of hidden passwords. As customers use the service they uncover the next password in the list, which gives them access to their account. The phishing website would always complain about the scratch code, thus adding more scratch codes to the criminals records.

-- ZeWrestler  Talk 15:19, 20 December 2005 (UTC)

I put a reference to this in the article, as:

This (and other forms of two-way authentication and two-factor authentication) are still susceptible to attack, such as that suffered by Scandinavian bank Nordea in late 2005.

-62.31.82.51 11:09, 22 December 2005 (UTC)

West Point
"In a June 2004 experiment with spear phishing, 80% of 500 West Point cadets who were sent a fake email were tricked into revealing personal information."

Perhaps it should be noted that the experiment tested a population specifically trained to follow orders without question, and that the result might therefore be artificially high.-- —Preceding unsigned comment added by MBlume (talk • contribs)
 * If that's true, then I could send them an e-mail saying "Hello, I'm some guy who you've never heard of. Send me all your money because I say so." I'll be filthy rich in a matter of weeks! J I P  | Talk 10:00, 26 April 2006 (UTC)

Phishing in the 1980s
Think phishing is 'new' or an 'internet' thingy, think again... it was rife in Universities for spoofing academic network logins err in the 1980s most certainly, and most likely long before also (very big yawns all round...)-- —Preceding unsigned comment added by 87.228.168.232 (talk • contribs)


 * Do you have cites for that? Can you contribute to the article? -82.40.166.124 14:34, 5 April 2006 (UTC)


 * I don't have any cites about the academic network phishing, there has to be some reference on some newsgroup.

I have another example (again without cite), this one of phishing protection built into logins for medical/health authorities in 1980s.

Some health authorities in UK, using MUMPS based systems at least in the 1980s, used a 'login verification response keyword, as protection against such attacks.

Basically it went like this: you logged in with normal username/password, then the system would respond with your special codeword, only if you verified the codeword as correct would your login proceed.

Basically this worked on the principle that the 'phisher' would not know your secret response code which was only generated by the 'real' server. Quite a nice simple solution, however relied on user vigilance.

Phishing for fun?
Not all phising involes money scams some are just to get an account on a recreational site such as myspace to mess around with the profile, prephaps that should be added into the article? —Preceding unsigned comment added by 68.45.92.85 (talk • contribs) 23:14 2 May 2006 (UTC)


 * I think that's a good idea. For example, check out rnyspacelogin.com, against whom Myspace has filed suit in federal court. http://dockets.justia.com/docket/court-vaedce/case_no-1:2006cv00544/case_id-204442/ This appears to be for advertising purposes, from what I've gathered - take over profiles and spam comments/bulletins. (Sorry, I forgot to sign the comment - Orpheus42 05:44, 7 September 2007 (UTC))

National prominence of Phish band
I assume "national prominence" refers to the United States (the article on Phish states that they were an American band)? I clarified the text accordingly. Mtford 10:48, 8 June 2006 (UTC)
 * That shouldn't even belong in this article. Completly unrelated to the topic.  I removed it. -- ZeWrestler   Talk 16:44, 8 June 2006 (UTC)

I got revenge on a phisher!
I just received yet another eBay phishing mail. What was interesting was that the URL actually used FTP instead of HTTP, and included the username and password. So I went to the site with a dedicated FTP client, entered the username and password, received the HTML, modified it, and put it back. Now people who get the same phishing mail will see "This is a phishing site! Do not enter any information to this site or the phisher will steal your credit card!" when they click on the link. I don't know how long it will stay that way, if the phisher finds this out. This is the first time I've actually had proper revenge on a phisher. J I P | Talk 16:14, 4 July 2006 (UTC)

Added reference
I'd agree that it isn't necessary, but it was a response to a Fact tag. Rather than remove the tag without a reference to add, I added a reference. If you all think the reference isn't needed, you can take it out. Moncrief 22:24, 16 August 2006 (UTC)

cracker vs. phisher
The use of cracker in place of phisher is incorrect. Cracker is commonly used to describe a person who maliciously hacks into secure directories where a phisher "fishes" for vulnerable users to reply to a phishing scam.I already forgot 08:22, 21 August 2006 (UTC)

Addition Request
I would like to ask a section for reporting phish be added under the Anti-Phishing heading. Many people don't know what to do with phishing emails, and as a result they are deleted and the phisher continues on. I did not make the addition myself because I'm associated with PIRTand I believe it should be included in the new section along with several other institutions. I am not sure what the rules are around making such additions, I don't want it to be viewed as spam so I thought I would bring it up here. In a nutshell, PIRT stands for "Phishing Incident Reporting and Termination". We started up about 5 1/2 months ago. The service is 100% free to the public, the brands and the companies getting our feed. We are staffed by volunteers from around the world who dedicate their time to taking down phish. RLaudanski 18:25, 26 August 2006 (UTC)
 * Interesting suggestion. my only question is how encyclepedic is it? -- ZeWrestler   Talk 20:52, 26 August 2006 (UTC)
 * I don't think I can answer that question as I'm not in the business of creating encyclopedic material, that is why I posted a link to it so you could take a look for yourselves and determine if it merits being added to the article. I suggested it because I think there needs to be a standard reference that tells people who they can report phish to.  There are literally 1000's of people who report phish to antiphishing.org not realizing that they don't actually do anything to shut those phish down, they use the information for statistical purposes.  I'm not saying don't report to them, we actually send our feed to them.  WikiPedia is considered "authoritative" in many subjects, it makes sense to me to include something on reporting.  Then again it also makes sense to me to include something on what to do if you have been the victim of identity theft via phishing.  I don't know if either would be considered encyclopedic.RLaudanski 21:32, 26 August 2006 (UTC)
 * We could add a new section to the anti-phishing part on "reporting and takedown" or some similar heading. It could include the line on the 24/7 services that is in the "technical responses" section, and include reporting phishing. Some of the more notable services could be listed, but Wikipedia isn't a web directory, so we would have to make it fit into structured prose and not be a prescriptive list - and we should, if we can, base it on a secondary source, not straight from the PIRT page. I found this page with a quick search, for example. --82.33.54.90 13:16, 29 August 2006 (UTC)
 * Done. --82.33.53.103 00:07, 22 September 2006 (UTC)
 * I have to say that I am just a little bit disappointed to see phishtank listed and not PIRT. We work with phishtank, in point of fact we send them our feed and they are a great group, but they don't do takedowns.  Some of their individual members might, but there are random people all over the world who do that.  I doubt any can say they saved over 22 Million dollars in 7 months as Brian Krebs reported on PIRT.  Please reconsider adding PIRT. --RLaudanski 05:55, 9 October 2007 (UTC)

large ftc block
I removed:

The FTC suggests these tips to help you avoid getting hooked by a phishing scam:

If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.

Use anti-virus software and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.

Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.

Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons. Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.

Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.

If you believe you’ve been scammed, file your complaint at ftc.gov, and then visit the FTC’s Identity Theft website at www.consumer.gov/idtheft. Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report. http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

at the very least it needs massive wikification, and it seems a bit howto. RN 00:39, 4 September 2006 (UTC)

Merge with Social Engineering?
Phishing is a Social Engineering technique, shouldn't it be part of that page? While a comprehensive article is here, the technique still relies on the same cognitive biases of other SE attacks and I don't think it's prevelence makes it any more special. Comments?24.126.126.105 14:51, 20 September 2006 (UTC)


 * No. Without going into detail, I'll address the most obvious one...This is a featured article and has gone through much scrutiny to get to such a status. Had merging been a viable option, it would have been done during the process of making it a featured article. --I already forgot 21:02, 20 September 2006 (UTC)

I'm not sure why that is relevant to the heart of the question. Are you disagreeing that phishing is a subset of Social Engineering? It seems pretty obvious that it is and I'd think most people who are familiar with SE would agree that it is. That said, why not make a suggestion on how interested parties might understand the subset relevance? While resting on laurels is nice, it rarely leads to innovation - and isn't wikipedia about innovation and change? What's your suggestion? 24.126.126.105 02:40, 21 September 2006 (UTC)
 * I also believe that Phishing should stay as an article on it's own. Laymen and kids doing research aren't going to be searching for sicial engineering, they are going to search for the most obvious term.  I think the Social Engineering page should have a brief description of phishing, and then point to this page for details.  I'm also with I already forgot's point that featured and mainstream-referenced pages should not be moved or merged.  I'd also find it strange to remove every article that is a subset of a greater article.  Could you immagine if we'd merge every chemical element into Periodic Table? - NickSentowski 14:40, 21 September 2006 (UTC)

I also do not think that merging is a good idea. This is a large article and useful as is, and the social-engineering article is also large. A merger would either create an article that would be too large, or would remove too much useful information. I think NickSentowski is right, imagine if we merged every element into the periodic table. Wrs1864 16:35, 21 September 2006 (UTC)

Isn't there some way to kind of group everything together when information gets too voluminous? Maybe it would make sense to set up a Social Engineering category? The SE page lists 4 techniques, but there are so many more. Would this make sense instead of merging?63.138.87.171 18:38, 21 September 2006 (UTC)

I'm against a merge. Phishing is a featured article; Social Engineering is not nearly. Phishing merits its own article. A category makes more sense. --82.33.53.103 00:09, 22 September 2006 (UTC)

Add Phishing by Police
I would like to add the following two-part entry:

"In California, many police departments phish for identities by sending out fake red light camera tickets. See more info in examples, below."

(And, under Examples:)

"Phishing by the Police

Some phishing comes from where you would least expect it - the officials who are supposed to protect you! In California, many police departments send out red light camera "tickets" that have not been filed with the Superior Court and thus have no legal weight. The intent is to bluff the registered owner into revealing the name, address and driver's license number of the person who was driving the car. Fake ticket examples."

I have seen a comment that the police's activity is not email phishing. The person making that comment deleted my entry when I made it earlier today. I note that the title of the overall article is "phishing," not "email phishing." I note that the article includes discussion of phishing by phone call. I consulted the Urbandictionary.com, and its definitions of the term include "Scamming method used to ellicit information from "uninformed" computer users through impersonation of trusted sources." I believe that the police's activity is a good fit, as computers are heavily involved. While the initial contact is by snail mail, the scheme is furthered when the mailed document instructs the recipient to access a website where he will view the pictures - and can also supply an identity or pay the fine.

Further, since the purpose of Wikipedia is to tell us info that we don't already know, what belongs here more than info about something that is not well known? (How many of those reading this were previously aware of the scheme?)


 * Try Social engineering (security) instead. This is a form of pretexting. --82.33.53.103 19:38, 25 September 2006 (UTC)

And phishing is a form of pretexting AND social engineering. They're all related, as is acknowledged by the "merge with social engineering" thread above. I recognize that you desire to maintain the purity of this article, but this is not your private website where you can set things in stone. This is a wiki, which is made rich by a diversity of the most current information. Absent any cogent discussion by the persons who removed my entry, I have re-entered it.


 * This is also not your private website to add your POV. Please help to maintain accuracy and NPOV in the article. Thanks. --I already forgot 01:24, 28 September 2006 (UTC)

Perhaps something that you did not know about before, but it is accurate/true.

"I Already Forgot" has again removed my entry. His comment, received in a user mail: "However, unconstructive edits are considered vandalism, and if you continue in this manner you may be blocked from editing without further warning. Please stop, and consider improving rather than damaging the work of others."

I have told him I would reply here on this discussions page, and have asked him to do so also. I would like to know why my entry is "unconstructive" and "damages the work of others."


 * (edit conflict)I'm not the only who has rv the edit. Your edit is POV and is starting to look like linkspam as the link has been added on multiple pages with the exact same text. This is an international article on Phishing, not a platform for a personal problem or POV with local law enforcement. We cannot list every "fishing" attempt by law enforcement in every country so lets stick with internationally and well documented "Phishing". Please read up on WP:NPOV and help contribute instead of pushing your pov.--I already forgot 07:26, 28 September 2006 (UTC)

I have also asked WRS to respond here, so I will wait to see what he says, then respond.
 * While you wait I ask two things. 1. Please sign your edits on the talk pages. 2. Keep in mind that you (including sockpuppet and website) are the only one in the world that relates "phishing" to controversial police attempts at finding the driver who may have broken the law. Everyone else relates it to website and email scams by criminals. --I already forgot 08:11, 28 September 2006 (UTC)
 * Also, which I mentioned before, you are confusing "fishing" with "phishing". I dont understand how "password harvesting" (the origin of the Ph in PHishing) relates to what you describe but I can see how "fishing" does. Ok, now I feel dumb for getting into this dispute...This is my last reply. --I already forgot 08:32, 28 September 2006 (UTC)


 * I also support not having the content, see Talk:Social engineering (security). Though this talk is good enough reason too. McKay 13:17, 28 September 2006 (UTC)

While I wait for WRS to reply, I am adding a copy of McKays comments from Talk:Social..., for convenience. McKay's comments:

"1. Highwayrobbery.net isn't notable. Google("link:highwayrobbery.net") returns 25 results, 10 of which are either wikipedia (or derived from it), or are from the site itself. This leaves 15 links. I'd prolly put that at a non-notable level. 2. Now that I've read the content of the page, it's interesting and helpful information, but it is Original Research, which is frowned upon in wikipedia. As a summary, I don't think that there is a problem with the content, but I think that we should find a better source than the one provided." (End of McKay's comments.)--Einsteininmyownmind 18:47, 28 September 2006 (UTC)

While I'm certain your claim is legitimate, that's not the problem with your entry here. Your entry is specific to abuse of power by the police and more appropriate to something dealing with that (e.g. Police abuse of authority or something) It's kind of like discussing how you painted your house under the paint topic: yeah they're related, but someone interested in paint and what it is is not likely interested in your specific experience. Check out: Police to see what I mean. There is a whole area devoted to that topic and your reference to phishing and pretexting would make a lot of sense there and probably open up the minds and eyes of a lot of people who would never look up Social Engineering topics normally. 24.126.126.105 06:32, 9 October 2006 (UTC)

Examples of Phishing???
I have an example of the type of phishing used sitting in my email inbox. The conmen/women are very clever and everything looks completely legit. If it will benefit readers from seeing an example of a genuine website and a phish website, i'll put up both here - within the discussion section - if you all think it is a good idea. Then you can decide etc. whether it should go on the mainpage etc. But I think, to the uneducated readers, it is worth seeing that there is almost NO different between the legitimate site and the phish site. What do you think?TheGrandMaster1 12:22, 25 September 2006 (UTC)


 * I don't think we need any more examples. Those here already work well, and working on the prose would add a lot more. --82.33.53.103 18:23, 26 September 2006 (UTC)

Removed HoodedHound's image
I believe that User:HoodedHound added the image of AOL phishing as a form of self-promotion (he seems to be a phisher). Removing his name from the caption was reverted by him. I removed the image entirely. --82.33.53.103 18:23, 26 September 2006 (UTC)

Facts needed in AOL phishing section
I removed "Phishers temporarily moved to AOL Instant Messenger (AIM), since they could not be banned from the AIM server." since I couldn't find a reference for it. The rest is (sort of) covered by the two references now in this section. --82.33.53.103 18:35, 28 September 2006 (UTC)test

Newegg.com
Newegg.com's phishing advisory links to this article. I've added an template, though I'm not sure if this is the appropriate template since newegg isn't a media source. Koweja 15:31, 20 November 2006 (UTC)

Website spoofing
This article needs work and development but is relevant to this article. WP policy is to maximise internal links both for information and to encourage editorial attention. It was deleted from See also. It is not my practice to press edits so I should welcome a discussion as to its suitability, here. TerriersFan 23:06, 26 November 2006 (UTC)


 * TerriersFan, I reverted that edit, and can't imagine why. It was an error and I apologize. I'll put it back, minus the redundant link in the "See also" section. JonHarder 23:24, 26 November 2006 (UTC)


 * Thank you for this constructive response. TerriersFan 23:53, 26 November 2006 (UTC)

Banks' servers hacked - not phishing
I removed the following text, after editing it for clarity, then deciding it wasn't phishing. It is, however, an instance of what some have called pharming. There's even a claim that "There are no known instances of pharming causing financial loss" on that article's pages.

Here's the removed (and edited) text:

In another attack, malicious intruders invaded servers of a bank hosting company used by several hundred small banks. The intruders modified the banks' real web pages, so that visitors to the trusted bank sites were redirected to false pages. The intruders could then steal passwords and other personal information entered by unsuspecting customers. The web hosting company recognized irregularities in web traffic patterns of the bank sites, and shut down its web hosting servers to thwart the attack.

Some security experts characterized this attack as a security breach, since phishing typically involves enticement of an unsuspecting person to visit a rogue site by way an embedded link in a spoofed e-mail message. In this case, the attack took a different spin, with breakdown in security occurring right at the source &mdash; servers operated by the web hosting company. However, security experts found that banks were not entirely blameless in this episode, too, since this type of attack could have been averted had the banks used two-way authentication to establish and prove the identities of the bank and user.

Here is Goldleaf's own press release

Point to note from George Ou's blog:


 * [while] this is technically similar to phishing, it isn’t the same thing

and the definition of phishing in this article agrees with him.

And these are the references:, ,

--82.40.166.44 17:40, 30 December 2006 (UTC)

Other websites where they say "this ain't phishing":


 * 
 * 

--82.40.166.44 18:00, 30 December 2006 (UTC)

I don't like phishing.
I don't like phishing. —The preceding unsigned comment was added by 81.35.5.15 (talk) 20:37, 25 April 2007 (UTC).

Things that are not phishing
Do we need a section briefly describing things that are not phishing that are often confused with it?


 * Sending malware to infect a system and read keystrokes isn't phishing
 * Taking over a bank's website and stealing user details isn't phishing
 * Forcing an ISP's DNS servers to send people going to a bank to your own website isn't phishing

Phishing uses social engineering to make people give up information.

--82.33.51.52 18:01, 10 May 2007 (UTC)

it really was not commercial content
(Section moved here from User_talk:CliffC)

Hi Cliff,

You undid some of my recent additions, indicating that they were of commercial nature. (One citation to www.securitycartoon.com and one image.) I am sorry if the post was poorly phrased. I would like to ask that you reconsider its removal, whether of both entries or only the reference.

Please do not let the ".com" fool you. This is not a commercial offering, and it was not an attempt to sell a product. SecurityCartoon is an effort out of the stop-phishing.com group at Indiana University, and we aim to educate typical Internet users about security threats. Our approach is guided by academic research insights, and we make absolutely no profit. Please take a look at our material at www.securitycartoon.com and you will agree.

Our effort is closely related in spirit to the one already referenced in connection (reference: Ponnurangam Kumaraguru, Yong Woo Rhee, Alessandro Acquisti, Lorrie Cranor, Jason Hong and Elizabeth Nunge.) Neither is a commercial endeavour, both have the same goal, but different techniques.

I hope you will be willing to undo your removal.

Yours, Markus Jakobsson


 * Markus, I reverted the citation and cartoon you dropped into the middle of a sentence in the existing text in part because the cartoon, of a keylogger creature and its master, had absolutely nothing to do with Phishing, the subject of the article. I now notice that neither of the two ids used to add the cartoon has contributed to Wikipedia before except to add links to documents of which you are an author, and that a few hours after you posted the above note to me you added to Phishing a link to another document of which you are an author.  There is no rule against this that I am aware of, but editors will always wonder about such additions.  I suggest you review the guidelines at WP:Conflict of interest and before making edits where you would cite yourself or the group which which you are affiliated, first propose your changes on the article's Talk page.  --CliffC 02:57, 9 June 2007 (UTC)


 * Hi Cliff, People define phishing in different ways. Sometimes crimeware is included, othertimes not. A common definition involves some social engineering component (which the installation of a keylogger often has) and some theft of information (which the keylogger certainly has.) The point was not to talk about keylogging, though, but rather, about educational efforts. I can pick an example more directly related to phishing. While I agree with you that self-promotion should be kept out from the wikipedia, we must also recognize that sometimes it is the author of some document who is the expert, and therefore, the most appropriate contributor. I do not perceive a conflict of interest in this case, but see how you might have felt that there was, specially given the '.com' extension of the material. Please consider reverting your changes; I'd be happy to upload another cartoon strip, if you and others find that more appropriate. Cheers, Markus
 * --above unsigned message from Markus-jakobsson 20:00, 19 June 2007 (UTC)


 * I'm going to turn this thread of discussion over to Talk:Phishing for comment by other interested editors. --CliffC 00:55, 20 June 2007 (UTC)
 * There are too many external links to sites offering material which are not commercial by themselves, but the site is a marketing platform for commercial sites. We have known that blogs can be used to educate people in a specific knowledge area, which can in turn help to boost the marketing of new products. Without going too deep into that, I think most editors would find it OK to include such sites provided that it is from an authoritative site with unique and useful content to support the Wikipedia article. This means that there should not be too many other sites with similar content. If there are too many sites with similar content, suggest to include the content as part of the Wikipedia article rather than pointing to external links. Otherwise, we will get a hundred spams links all talking about the same content. My point is, we will need to remove more than just this link because there are other commercial external links on the site.


 * If anyone says that this commercial page is useful0, i.e. http://www.sonicwall.com/phishing/
 * There are also similar tests at Mcafee and other sites. Should we include all of them? It will become a link directory. Unless the article is deemed incomplete without that critical external link, I would suggest removing them to avoid spam and allegations of bias edits. Zragon 01:58, 6 August 2007 (UTC)

South Trust...
Under "Recent phishing attempts" contains an example of a phishing attempt of South Trust bank. South Trust merged with Wachovia and no longer carries the name South Trust.Dreammaker182 03:12, 26 July 2007 (UTC)

At the time the phish was sent (2005) SouthTrust existed independently; I can't see what change might need to be made. 82.33.51.52 09:45, 5 August 2007 (UTC)

Whale phishing
There's one presentation by Websense that uses this awful phrase, "whale phishing". Please let's not catalogue minor variations on phishing with silly names. --82.33.51.52 22:13, 12 August 2007 (UTC)

List of Known Phishing sites
Well I just thought I'd make this because someone just tried to phish my nonexistent paypal account. Idiots. But anyways I copied there site link, but I'm not sure how to report it. I'll just put it here. [removed] --72.45.66.160


 * Link removed. One must wonder exactly what is going on when an unregistered user's first and only edit is to post a harmful link.  CliffC 22:58, 14 August 2007 (UTC)

Plagiarism
The opening paragraph of this article is a direct steal from the Web site cited as a source. GeorgeLouis 04:18, 22 August 2007 (UTC)


 * Good catch, although this is probably only a technical copyright violation since the editor who added it seems to be the author of the material cited -- not plagiarism but perhaps a WP:COI. I have undone the edit that added it, and also provided a better citation than Jakobsson for the first sentence.  As I stated to him on 9 June (above), "There is no rule against this [citing yourself] that I am aware of, but editors will always wonder about such additions. I suggest you review the guidelines at WP:Conflict of interest and before making edits where you would cite yourself or the group which which you are affiliated, first propose your changes on the article's Talk page." --CliffC 05:09, 22 August 2007 (UTC)

Phishing and Phish
Was phishing named after the band Phish? Also, Several NetNanny-type programs block websites about the group as "phishing-related" sites Doc Strange 17:26, 22 August 2007 (UTC)

No, it wasn't. Take a look at the intro to the article. --82.33.48.160 09:39, 27 August 2007 (UTC)

Section needs Improvement
I don't understand the section on Wildcard DNS, even when reading the linked definition. What does the pipe character do in (all browsers?) under XP? How do those funny names resolve to a wildcard record? &mdash;DÅ‚ugosz

Which section on wilcard DNS? --82.33.50.254 19:49, 12 November 2007 (UTC)

Why? Please undo archiving
It makes no sense to archive this page, it's not that busy or full - please keep information readily available to readers. Please contact an administrator to undo this unnecessary action. --CliffC 04:19, 7 November 2007 (UTC)

Trends in phishing
Recent trends that might be worth mentioning: Now that anti-phishing blacklists are offered by Google, OpenDNS, and others, phishing attacks have been developed to overcome the blacklists.
 * Phishing URLs in e-mail now usually contain a random component, including random subdomains and even base domains.
 * URL redirection. exploiting vulnerabilities in well-known sites, is now used in phishing e-mails to get around spam filters. The Alicia Keys incident involved an open redirector plus other attacks.
 * Redirection through Flash files is now an established phishing technique. Netcraft called this "Phlashing", but I don't think that's an established enough term to use in Wikipedia yet.
 * Redirection via exploitable JavaScript has been seen in blogs. --John Nagle (talk) 02:26, 25 November 2007 (UTC)

DNS hijacking
"DNS hijacking and other attacks that are used for banking fraud are not all phishing. Please check the definition of phishing."
 * I think DNS hijacking is clearly a phishing technique that meets the definition of phishing as stated at the beginning of the article. While DNS hijacking can also be used for other purposes, a (if not the) principal purpose is to "criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication". See the reference I cited. Banking fraud can result from the sensitive information that's been obtained this way, but the sensitive information can also be used for other purposes. Thus I'm restoring this section pending further discussion, referencing the new page for DNS hijacking I've just created. --John Navas (talk) 18:37, 18 December 2007 (UTC)


 * I looked at the article you cited in support; it doesn't describe DNS hijacking as a phishing technique. Do you have any other reliable sources that describe this as phishing? Phishing is all about tricking people into giving up information, using social engineering, with technical trickery to make it more convincing. DNS hijacking is subtlely different - it uses a technical attack to redirect traffic to a malicious site. It relies on an attack on DNS, not on a person. If we broaden the definition of phishing in this way to include DNS hijacking this would - by extension - include other man-in-the-middle attacks in phishing, even if they require no social engineering. --82.33.52.88 (talk) 23:43, 19 December 2007 (UTC)


 * I found an article from 2005 about large-scale DNS hijacking (widely called "pharming") in support of my position: "Pharming attacks are similar to phishing identity-theft attacks, but they don't require a lure, such as a Web link that victims must click on to be taken to the attack Web site.". Perhaps you could add this more recent DNS hijacking of single clients at a time to the pharming article? From a quick read of that article it fits the definition perfectly. --82.33.52.88 (talk) 23:56, 19 December 2007 (UTC)


 * I went ahead and removed the section again. Before putting it back please discuss here. --82.33.52.88 (talk) 16:23, 21 December 2007 (UTC)

password managers
I introduced this technical solution which is an obvious but, one that was never mentioned. Now, with most browsers having password managers; and many others available for free, this makes a lot of sense. ZEUHUD (talk) 17:49, 31 January 2008 (UTC)

Can anyone find an independent source that cites password managers as a useful tool against phishing? All I've found is pages from vendors of password managers, and stories about how password managers can expose logins to another kind of dataloss. --82.33.52.88 (talk) 11:25, 2 February 2008 (UTC)

Suggested link
[Copied from CliffC's talk page] I added an important global tool to the set of technical solutions for phishing, which you have taken out. There is nothing there that constitutes advertising! Every browser now day s has a built in password manger that all consumers can benefit from. My analysis is completely academic with references. ZEUHUD (talk) 17:23, 31 January 2008 (UTC)ZEUHUD


 * Sorry, but most editors here are good at recognizing edits like this, where the main goal seems to be to provide bedding for a product mention or link. Please take a couple of days to review WP:EL and the other Wikipedia links I put on your user page. If you happen to know User:E8MXNX, who seems to be editing article password manager with a similar goal of publicizing SignupShield, please pass the word that Wikipedia is not a free billboard.  You might have a conflict of interest as far as SignupShield goes, are you associated in any way with the company?  Meanwhile, I have reverted your latest edits to Phishing, please take it up on that article's talk page and get consensus before adding the link again.  --CliffC (talk) 20:20, 31 January 2008 (UTC)

Fair use rationale for Image:Yahoo phishing.jpg
Image:Yahoo phishing.jpg is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.

Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Fair use rationale guideline is an easy way to insure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.

If there is other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images lacking such an explanation can be deleted one week after being tagged, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.

BetacommandBot (talk) 03:13, 12 February 2008 (UTC)

Phishing for birds
I don't have any cites (my books are at a loss right now), but as a birder (bird-watching for you non-birders), phishing a term used for the sounds you make as you try to lure the bird out of concealment. They caution you when phishing for birds, since over-phishing may cause undue stress on the bird. I know these would probably not qualify as WP:RS, but here's a few:  [http ://www.whatbird.com/Articles_Tutorials/Articles/Review%20of%20Handheld%20Birds.aspx]. I'm not asking that this be considered for inclusion, but just bringing up a possible alternative to the "fish" explanation. Yng varr  14:53, 12 February 2008 (UTC)

"Whaling" - neologism problem
"Whaling", a term apparently introduced a few weeks ago by one writer, probably should be considered a neologism per WP:NEO. --John Nagle (talk) 04:08, 29 April 2008 (UTC)

It was a neologism a few months ago, but has now made it into the mainstream press:


 * http://www.networkworld.com/news/2007/111407-whaling.html
 * http://www.nytimes.com/2008/04/16/technology/16whale.html?_r=1&ref=business&oref=slogin
 * http://news.google.com/news?q=whaling%20phishing

--82.33.52.88 (talk) 20:01, 30 April 2008 (UTC)

Meaning of "phishing" drifting
The usage of phishing is drifting. At first it was used to describe attempts to socially engineer sensitive information. Now, it is used even if the social engineering is one part of the attack, with some kind of exploit used to actually get the information. Broad brush phishing is treated as different to broad brush email attacks like the "Storm worm", but once attacks are targeted then terms like spear phishing are applied even if the attack isn't "phishing" under the common definition.

It's an important distinction because the defences against the two are different, but most security companies and news sources don't try to point this out. You can fall victim to attacks that don't just use social engineering even if you don't give up information, just visiting a link could be bad for you.

Even more perversely, people keep trying to add things to the phishing article because the aim is banking fraud or stealing personal information, even if no social engineering is used at all.

Techtarget does define spear phishing in the standard way, but other places don't and I haven't come across a discussion of this drift anywhere - so it's not suitable for the article. Any cites for the meaning of phishing drifting like this?

---82.33.52.88 (talk) 09:44, 1 May 2008 (UTC)

This article was misused...the http address was posted as a link in a suspicious manner and sent to many people

please review people who have linked this page

if u would like a copt of the misused link or more questions about this contact me

kabin@uwindsor.ca —Preceding unsigned comment added by 72.138.204.173 (talk) 08:07, 15 June 2008 (UTC)

Citation
Why is a citation needed to show that there have been no known homographic phishing attacks? You can't show a negative in this way so surely you would just need a citation if there were any such attacks. It's like saying there are no known extraterrestrial civilisations (citation needed). —Preceding unsigned comment added by 81.86.117.126 (talk) 10:55, 21 June 2008 (UTC)

cool
this is neet —Preceding unsigned comment added by 66.142.7.6 (talk) 01:21, 21 June 2008 (UTC)
 * Please specify what is "neat". [Bot mode|When I'm robot-like,;)] -- Xp54321 ( Hello!, Contribs ) 01:55, 21 June 2008 (UTC)

this is —Preceding unsigned comment added by 66.142.7.6 (talk) 03:41, 21 June 2008 (UTC)

WaMu phishing scams
I notice that I've not received any WaMu phishing emails lately. I wonder if the decline in WaMu stock price and the poor financial health of the banking sector in general, has caused scammers to shift the focus to more vibrant companies so as to catch happy (and therefore more easily duped) customers? Pierre.cardoone (talk) 07:00, 21 June 2008 (UTC)
 * How does the bank's stock price affect whether customers who keep their checking or savings accounts there are happy? They don't necessarily own any stock, and their deposits are insured by an agency of the US Government against bank failure. Not seeing any correlation here -- maybe the phishers just pick a bank, work its customers for a while, then move on to another bank? Regards, Unimaginative Username (talk) 08:29, 21 June 2008 (UTC)

"target" is the wrong word here
In the lede it says "PayPal, eBay and online banks are common targets." This expression seems less than felicitous. After all, those organizations are more nearly the lures, (in the fishing analogy); the target (fish) is the poor sucker (pun intended!) whose account ends up being looted by the fraudster.

I'm not exactly sure how this might be best reworded. Would someone else care to take a stab at it? Absent counterargument or suggestions, maybe it makes sense simply to replace "targets" with "lures". Publius3 (talk) 15:35, 21 June 2008 (UT)


 * "Lure" is good, I have changed that sentence. --CliffC (talk) 00:16, 22 June 2008 (UTC)

Phishy emails
I often get phishy emails for paypal--to dispute a claim. I don't click the link in the email, but instead go to paypals website and login in. often, the link in the email is a web address similar to paypals's web address. For example, I recieved one recently that linked to paypal.info.com instead of paypal.com. You can forward these emails to phishing@paypal.com whicky1978talk 20:54, 21 June 2008 (UTC)

Easy prevention
Please pardon a bit of original research in the name of a good cause, but the easy answer is: Don't give your bank your e-mail address. They always ask, whether you deal in person or online, but "Just say no". My bank has a secure message system *inside* the online account; i. e. you login, either at your known bookmark/favorite or, for the really cautious, by hand-typing https://login.mytrustedbank.com. Now, inside the SSL/TLS secure connection, you can send them messages, customer service requests, etc., and they can send you stuff (usually spam-type promotional announcements, but at least they're legitimate). And if you *ever* get an e-mail at UU@emailprovider.com, you know it's forged. Regards, Unimaginative Username (talk) 22:36, 21 June 2008 (UTC)

Links
When you hover your mouse over a link, around the bottom-left of your screen you will see where that link takes you. Isn't this all you need to do to not click 'trick'-links? —Preceding unsigned comment added by Darx21 (talk • contribs) 23:29, 13 July 2008 (UTC)

Origin of the term 'phishing'
I was an undergraduate at the University of Camberidge (1984-1987) when there was a security breach in the Computer Laboratory. BBC Micro workstations had their boot ROMs replaced with reprogrammed ROMs, which asked for username and password information beofre logging the user on to the University IBM mainframe. The modified ROMs saved the username and password for retrieval by the perpetrator: a student who referred to himself as 'the phisherman'. 86.129.57.229 (talk) 18:46, 13 August 2008 (UTC)

Origin of the term 'phishing'
How do you pronounce 'phishing'? —Preceding unsigned comment added by 96.20.128.227 (talk) 16:35, 24 November 2008 (UTC)

what
I clicked a phishing link in an email, but realized almost immediately it was a phish (oops). I didn't give them personal info, however, did they get any info from me just by my clicking the link? —Preceding unsigned comment added by 66.245.90.115 (talk) 17:41, 4 December 2008 (UTC)
 * It is unlikely that they would have directly received any personal information from you just by your visiting their site. However, some phishing sites push down "drive-by downloads" -- malware which installs on your computer as soon as you visit the page (provided you were using a vulnerable browser and computer).  You'd do well to obtain a bootable CD with current anti-virus software on it, and scan your computer for viruses and worms, just to make sure you weren't hijacked.  The computer virus article has some background, but it's rather encyclopaedic, and not particularly oriented towards offering users help.  http://antivirus.about.com/ might be better for that.  Hope this helps.-- era (Talk | History) 07:36, 10 December 2008 (UTC)

Whaling?
Just encountered the term whaling used to refer to any phishing activity intended to collect information about or from senior executives (or celebrities or other VIPs?). Is this particularly widespread? Does it merit inclusion in the article?—PaulTanenbaum (talk) 17:47, 16 December 2008 (UTC)


 * Term is mentioned already, as aimed at "senior executives and other high profile targets within businesses". --CliffC (talk) 20:28, 16 December 2008 (UTC)


 * Ooops! Sorry for being so blockheaded as to fail to search it.—PaulTanenbaum (talk) 13:09, 17 December 2008 (UTC)

Helping_to_identify_legitimate_websites
The section Phishing is a good addition from User:Iangfc, but:


 * the style needs a copyedit
 * it isn't cited
 * it reads like an essay with a strong point of view - it could do with toning down: it has a strong bias against browser vendors and the CAB forum, among others

--82.33.50.145 (talk) 18:35, 21 December 2008 (UTC)

PayPal phishing example


In an example PayPal phish (right), spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. A legitimate Paypal communication will always greet the user with his or her real name, not just with a generic greeting like, "Dear Accountholder." Other signs that the message is a fraud are misspellings of simple words, bad grammar and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.

Note that many phishing emails will include, as a real email from PayPal would, large warnings about never giving out your password in case of a phishing attack. Warning users of the possibility of phishing attacks, as well as providing links to sites explaining how to avoid or spot such attacks, are part of what makes the phishing email so deceptive. In this example, the phishing email warns the user that emails from PayPal will never ask for sensitive information. True to its word, it instead invites the user to follow a link to "Verify" their account; this will take them to a further phishing website, engineered to look like PayPal's website, and will there ask for their sensitive information. You can report these phishing emails to PayPal directly. Remember not to use any of the links that your phishing email has provided.

Budding Journalist 16:02, 5 March 2009 (UTC)

Clarification/link needed
What do you call phishing for email addresses, or chat AIM/yahoo logins? Is there a different term for that? If so, could it be linked somewhere in this article (at the top as a disambig/differentation in the first paragraph, or at the bottom as a related topic?) ~ender 2009-06-14 14:46:PM MST —Preceding unsigned comment added by 4.240.12.113 (talk)


 * You call it harvesting, and its quite a different topic. --82.33.50.145 (talk) 13:34, 11 August 2009 (UTC)


 * The article E-mail address harvesting covers the topic. Mind  matrix  14:41, 11 August 2009 (UTC)

Actual origin of the term
The intro includes the phrase, 'the first recorded use of the term "phishing" was made in 1996', but this is patently wrong. The word is in fact recorded, with the right definition, by Scott Adams in a 'Dilbert' cartoon strip on the 12th of August 1995. Furthermore, it seems extremely likely from the context of this image and the fact that the term is not known to appear before, that in fact this strip was exactly where the term was coined. Link: http://www.dilbert.com/strips/comic/2005-08-12/ I changed the intro accordingly but it was reverted. Please explain why. —Preceding unsigned comment added by 203.160.122.141 (talk) 10:02, 8 August 2009 (UTC)

The link is dated 2005, not 1995, and above the cartoon it states "STRIP FOR AUG 12, 2005". 2005 = 1995 + 10 :-) --82.33.50.145 (talk) 13:32, 11 August 2009 (UTC)

"criminally fraudulent"
This definition seems restrictively specific. Criminal in what country? What about sites that are benefiting from this type of deception, but are not breaking any laws? Is there a separate term for Phising that isn't used to break the law? Basho (talk) 16:32, 25 August 2009 (UTC)


 * It is classed as a criminal act in the UK under the Fraud Act 2006. Here is the relevant section of the Act (chapter 35) in full. --Panzer71 (talk) 20:03, 6 October 2009 (UTC)

White Collar Crime?
Could this be removed from the list of related articles? It makes the crimes these pieces of human waste are committing seem lesser. It needs to be made clear that these individuals are hardcore criminals and that many of them have committed crime in the offline world too. 203.100.212.17 (talk) 04:59, 24 April 2010 (UTC)

talk page
good day ! here im .........you need a holiday!! MiszaBot I (talk) 10:59, 1 November 2010 (UTC) —Preceding unsigned comment added by 41.153.48.11 (talk) 14:19, 31 October 2010 (UTC)

Spear phishing cite note 18
Now doesn't link to an explanation of the 'spear' bit... —Preceding unsigned comment added by 20.133.0.13 (talk) 12:58, 28 March 2011 (UTC)

File:Presentation Image Grid 1 JPG.jpg Nominated for speedy Deletion
An image used in this article,, has been nominated for speedy deletion at Wikimedia Commons for the following reason: Copyright violations Speedy deletions at commons tend to take longer than they do on Wikipedia, so there is no rush to respond. If you feel the deletion can be contested then please do so (commons:COM:SPEEDY has further information). Otherwise consider finding a replacement image for this article before it is deleted.
 * What should I do?

A further notification will be placed when/if the image is deleted. This notification is provided by a Bot, currently under trial --CommonsNotification (talk) 03:25, 6 May 2011 (UTC)

File:Presentation_Image_Grid_1_JPG.jpg Nominated for speedy Deletion
Clergé. Ensemble des prêtres et des religieux .Les moines, les religieuses, les évêques font partie du clergé. --109.210.100.67 (talk) 20:05, 9 December 2011 (UTC)

Battle.net and RUnescape phishing
Runescape and Battle.net are commonly phished. Right-clicking can be handy to counter both. Blizzard (BN) case: Phisher's text was a broken URL that, when copied and pasted into browser, led to an error message. Runescape phishers used Flash. Again, Right-clicking anywhere other than text fields can help discern a Flash module. Many legitimate emails now do not ask to click a link, but tell the user how to reach the needed feature of the website (such as personal messages zone) It is always worth trying to reach the supposed origin website manually rather than using in-email links. — Preceding unsigned comment added by Yura87 (talk • contribs) 20:49, 26 December 2012 (UTC)

Edit Request 2013.2.5
Please delete category 'Computer crimes', and add cat 'Cybercrime'. Cat 'Computer crimes' should not include any cybercrimes (since Cat cybercrime is a subcat of 'Computer crimes').76.103.213.6 (talk) 23:08, 5 February 2013 (UTC)

Oxford and Google Docs
This edit, completely removing well-sourced material, seems inappropriate; no substantial reason rooted in policy supports removal of the well-sourced material. User:Fred Bauder Talk 16:33, 20 February 2013 (UTC)
 * In fact I gave three reasons rooted in best practice ("policy"). Firstly, the paragraph is poorly written; "however intelligent and sophisticated users at Oxford University may be when engaged in their chosen field of study, the tens of thousands of users of the university's network proved easy targets for phishing" is at best coat-racking/journalistic (indeed, it is a paraphrase of the source) and at worst just plain insulting (though I would say that). Secondly, the subsection does not fit within the section in which it was placed, which has an emphasis on history rather than more recent phishing attempts, though that distinction could be better recognised. Thirdly, as I highlighted, the quality of the reference is unimportant: the balance is all wrong. One sentence in the recent attempts section perhaps; another in a place where a better founded point about the link between intelligence and falling for phishing, maybe. But where it was, and at the length it was? No. In any case, I appreciate the BRD.- Jarry1250 [Vacation needed] 17:19, 20 February 2013 (UTC)

Stale References
I didn't find a better reference but ^ "HSBC Security and Fraud Center – Phishing Scams, Fraud Protection". Hsbcusa.com. Retrieved 2012-09-09. Is stale. Maybe https://security.berkeley.edu/content/anti-phish-tip-3 or something similar. — Preceding unsigned comment added by Dashawn888 (talk • contribs) 18:32, 4 November 2013 (UTC)

Etymology
I doubt the word decends from "password" and fishing", instead "pishing" and "fishing" is more senseful: pishing (or squeaking) is "A North American term for the practice of attempting to attract passerine birds close to the observer by noisily sucking air through pursed lips or loudly kissing the back of the hand." This should be added.--Mideal (talk) 16:19, 6 March 2013 (UTC)
 * Got a source for that? - Jarry1250 [Vacation needed] 23:40, 15 March 2013 (UTC)
 * Took some time, but finally i found those bird watchers websites:. See and  and don't believe it, but then find this book at Amazons and also Pish. Funny, but in German we also read the commonly used (wrong) definition "from: Passwort harvesting fishing").--Mideal (talk) 12:13, 18 November 2014 (UTC)

I'm not very keen on the unreferenced explanation that is currently live. " ..... Since the symbol looked like a fish, and due to the popularity of phreaking it was adapted as 'Phishing'." Can anyone help with source, a reference or a better story than this?

86.169.157.180 (talk) 16:32, 17 December 2014 (UTC) Mike

Do people really not know the Etymology? It comes from the 80's when people did Phreaking over phones, leading it to be "in vogue" to prefix hackerish things starting with "f" with "ph" instead. — Preceding unsigned comment added by 120.151.160.158 (talk) 00:44, 16 February 2015 (UTC)

"leetspeak"
Taking out the leetspeak comment at the beginning of the article because substituting "ph" for "f" is something that existed long before leetspeak.

Change I'm requesting
On the page at the bottom there is a box with the 'articles on spamming links' all in it, separated into a few main categories, yet some of the links are split over two lines and it's hard to tell which heading they go with. Could someone please expand the width of the box so that each topic's links take up only one line, it would make navigation and understanding easier, for me, and I think for others as well. Thank-you —Preceding unsigned comment added by 69.199.27.204 (talk • contribs) 21:24, 3 July 2006

AlMac Comments

 * 1) Security measures against one threat can make you more vulnerable to others, so perhaps there needs to be better linkage to other families of computer security threats.
 * 2) The Phishing article is part of the Spamming series and is in Categories including Internet Fraud.  Perhaps there should be "See also" or some kind of linking to other related Personal Computer Security topics.
 * 3) Computer Viruses
 * 4) Reasons for having a Firewall
 * 5) Notion that most software labeled as Anti-Spyware is in fact Spyware.
 * 6) All of this rightfully belongs in separate Wiki articles.  All I am trying to say here is that the linkage to these other topics could perhaps be improved from the Phishing article.
 * 7) As a newbie, the first thing I tried to work on was Security breaches.
 * 8) I had barely started keying in plans for a much larger contribution, when I was informed that I was in violation of POV.
 * 9) I stepped back and tried to repair that, only to realize that my writing was severely hurt by the process.
 * —The preceding comment was added on 13:09, 5 July 2005.

Section removed
I removed the following unsourced, unencyclopedic section.

Assessment comment
Substituted at 15:34, 1 May 2016 (UTC)

Spear phishing
Perhaps it would be a good idea to phishing into two articles with one on the generic topic of phishing while the other relates to spear phishing.

If preferred it could be expanded rather then creating another article.

FockeWulf FW 190 (talk) 19:57, 24 March 2016 (UTC)

Broken Link
Link 130 is broken and redirects to what appears to be the homepage of a website instead of an article on the website, probably due to a rearrangement of where/how pages are stored or accessed. — Preceding unsigned comment added by 86.185.222.233 (talk) 17:04, 14 April 2016 (UTC)

Chart "Total number of unique phishing reports (campaigns) received"
Hello Wikipedia Editors,

The chart titled "Total number of unique phishing reports (campaigns) received" is a bit outdated. The information ends in the month of September 2015, leaving October-December 2015 and January-March 2016 (every month since October 2015) out.

Just noting that the information should be updated once again.

Thanks for reading, KnowledgeIsGoodForYou (talk) 00:38, 14 April 2016 (UTC)
 * Updated. - Offnfopt (talk) 03:24, 6 June 2016 (UTC)

Merger proposal
I propose that Page hijacking be merged into Phishing. I think that the content in the Page hijacking article can easily be explained in the context of Phishing, and the Phishing article is of a reasonable size that the merging of Page hijacking will not cause any problems as far as article size or undue weight is concerned. FockeWulf FW 190 (talk) 22:12, 24 May 2016 (UTC)
 * Declined. Those are two separate topics. Page hijacking can be used for website defacement or malware delivery. Also, the merger proposal was based on inaccurate content on the page hijacking article that has been removed. Jesse Viviano (talk) 19:11, 11 September 2016 (UTC)

What is the actual worldwide impact of phishing?
The first paragraph of the lede cites a 2014 Microsoft study claiming the worldwide impact of phishing could be as high as US$5 billion. There are two issues here: a) the information is rather outdated, and b) the executive summary of the actual study (as it is currently available from Microsoft) says $2.4B.

Outdated source
The cited study was performed in 2013 and released in Feb. 2014. Given that phishing attempts have only been increasing over time, it seems reasonable that more recent numbers should be available. A rather brief search yielded some related metrics, such as estimated costs per attempt or business expenditures to protect against attempts and train employees, but a simple, up-to-date, global number eluded me. I could also find no evidence that the Microsoft Computing Safety Index survey was repeated after the cited 2014 release of the 2013 results.

Actual number reported in study
In addition to the news.biharprabha.com article currently being cited, a number of other contemporaneous articles (Google search) repeat the same $5 billion impact claim. However, the study's executive summary and the identically-named file in the entire study results both contain the following sentence: "The worldwide impact of phishing could be as high as 2.4 billion USD, recovering from identity theft totals 2.6 billion USD, and repairing peoples’ professional reputations costs nearly 4.5 billion USD." It would seem that the $5B value was revised at some point following its initial release and subsequent news coverage, but I have been so far unable to find any admission of this, by Microsoft or anyone else. This just further underscores the need for a better, and more updated, source.

DadOfBeanAndBug (talk) 23:04, 21 May 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 16 external links on Phishing. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20050823111335/http://www.shmoo.com/idn/homograph.txt to http://www.shmoo.com/idn/homograph.txt
 * Added archive https://www.webcitation.org/5w9Z2iACi?url=http://www.fraudwatchinternational.com/phishing-fraud/phishing-web-site-methods/ to http://www.fraudwatchinternational.com/phishing-fraud/phishing-web-site-methods/
 * Added archive https://www.webcitation.org/5w9Z4mv7k?url=http://blog.washingtonpost.com/securityfix/2006/06/flaws_in_financial_sites_aid_s.html to http://blog.washingtonpost.com/securityfix/2006/06/flaws_in_financial_sites_aid_s.html
 * Added archive https://web.archive.org/web/20070328150301/http://www.techweb.com/wire/security/186701001 to http://www.techweb.com/wire/security/186701001
 * Added archive https://www.webcitation.org/5w9YV2fuL?url=http://www.rajuabju.com/warezirc/historyofaolwarez.htm to http://www.rajuabju.com/warezirc/historyofaolwarez.htm
 * Added archive https://www.webcitation.org/5w9YVyMYn?url=http://itmanagement.earthweb.com/secu/article.php/3451501 to http://itmanagement.earthweb.com/secu/article.php/3451501
 * Corrected formatting/usage for https://www.irs.gov/newsroom/article/0,,id=155682,00.html
 * Corrected formatting/usage for https://www.theguardian.com/world/2014/jan/27/hackers-israeli-defence-ministry-computers
 * Corrected formatting/usage for http://www.millersmiles.co.uk/
 * Added archive https://web.archive.org/web/20110406114742/https://www.paypal.com/us/cgi-bin/webscr?cmd=_vdc-security-spoof-outside to https://www.paypal.com/us/cgi-bin/webscr?cmd=_vdc-security-spoof-outside
 * Added archive https://web.archive.org/web/20051130031140/http://www.zdnetindia.com/news/features/stories/126569.html to http://www.zdnetindia.com/news/features/stories/126569.html
 * Added archive https://web.archive.org/web/20090107043554/http://blog.anta.net/2008/11/09/social-networking-site-teaches-insecure-password-practices/ to http://blog.anta.net/2008/11/09/social-networking-site-teaches-insecure-password-practices/
 * Added archive https://web.archive.org/web/20061116184842/http://blog.washingtonpost.com/securityfix/2006/08/using_images_to_fight_phishing.html to http://blog.washingtonpost.com/securityfix/2006/08/using_images_to_fight_phishing.html
 * Added archive https://web.archive.org/web/20061110132337/http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html to http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html
 * Corrected formatting/usage for http://www.antiphishing.org/solutions.html
 * Added archive https://archive.is/20130414135047/http://consumerscams.org/scam_safety_tips/how_to_report_phishing_scam to http://consumerscams.org/scam_safety_tips/how_to_report_phishing_scam
 * Added tag to http://www.antiphishing.org/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 05:43, 11 December 2017 (UTC)