The word phishing is derived from 'fishing'. The idea is the same as in fishing: a bait is
thrown to an unsuspecting user in order to lure him to a fictitious website, where the
site captures the user's personal and confidential data (James, 2006). In most cases, the
bait is an e-mail or an instant message carrying a link that takes the user to a hostile
phishing website, usually an exact replica of a financial institution's website (Knight,
2005). The fake website has the same look and feel as the original one and asks for
sensitive information such as user name, password, credit card details, etc. When the
victim (user) enters the information, the data is sent to the fraudster, who then uses it
for his personal gain. Phishing has become the most common channel for thieves to
acquire the personal information needed for identity theft (Brody et al., 2007; Anderson
et al., 2008).
Studies show a steady increase in phishing activity as well as in the cost it causes.
APWG, in its annual report published in October 2010, reported 48,244 phishing
attacks in the preceding 12 months (APWG, 2010). PhishTank, the online service that
collects data on websites engaged in phishing, received 8,468 valid submissions of
phishing websites in the month of October 2010 alone (PhishTank, 2010). According
to Gartner (2010), more than 5 million US consumers lost money to phishing attacks
between October 2007 and September 2008, about a 40% increase over the previous
year. Table 1 gives a year-wise summary of the phishing incidents handled by the Indian
Computer Emergency Response Team (CERT-In) (CERT, 2011).