Phishing is a form of internet fraud. It consists of defrauding people by luring them to a fake website, a copy of the real one, so that they unsuspectingly log in with their login name and password or enter their credit card number. This gives the fraudster access to that data, with all the consequences that follow. The fraudster pretends to be a trusted authority, such as a bank. Most forms of phishing happen via e-mail: the victims are lured to the fake website by a message that contains a link to it, together with a request to “check the login details”.
Phishing often relies on URL spoofing: imitating the URL of, for example, a bank, so that the user believes they are visiting the real site while the URL actually belongs to the fraudster.
Internationalized domain names
Since the introduction of the IDN (internationalized domain name) system, which allows non-ASCII characters in domain names, phishers can imitate a real domain name using visually equivalent characters from other scripts, so that the user does not notice that the address is wrong.
Even an ordinary ASCII URL can deceive: the address www.googIe.com, in which the lowercase letter l has been replaced by a capital letter i (I), looks very similar to www.google.com and, depending on the font, can look exactly the same.
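A defensive check for the two look-alike tricks described above (foreign-script characters in an IDN and the capital I standing in for l), as an added example that is not part of the original article. The trusted list, the small look-alike map and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allow-list (assumption): the names users are expected to visit.
TRUSTED = {"google.com", "paypal.com"}

# Constructed, deliberately small look-alike map; a production check would use
# the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = str.maketrans({
    "I": "l", "1": "l", "0": "o",                          # ASCII look-alikes
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",  # look-alikes
})

def decode_label(label):
    """Turn a punycode ("xn--") label back into its Unicode form."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label

def scripts(label):
    """Scripts of the letters in a label, taken from Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def skeleton(host):
    """Fold look-alike characters together, then lower-case."""
    return host.translate(CONFUSABLES).lower()

def registered_part(host):
    """Last two labels; a simplification that ignores suffixes like co.uk."""
    return ".".join(host.split(".")[-2:])

def check(host):
    """Classify a host name exactly as displayed in the message (not lower-cased)."""
    shown = ".".join(decode_label(l) for l in host.rstrip(".").split("."))
    domain = registered_part(shown)
    if domain.lower() in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good):
            return "lookalike:" + good   # looks like a trusted name, but is not
    if any(len(scripts(l)) > 1 for l in shown.split(".")):
        return "mixed-script"            # e.g. Latin and Cyrillic in one label
    return "unknown"
```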
Most banks today use an Extended Validation certificate: in modern Internet browsers the first part of the address bar is displayed with a green background, so that the user is sure that he is on the real page.
Usually the victim receives an e-mail asking him to check and confirm his account with, for example, a bank. Instant messaging is also used, and sometimes telephone contact as well. Fraudsters frequently use fake websites of financial institutions, eBay and PayPal. Phishing is difficult to detect; people on the internet have to pay attention and never respond to a mail request asking for personal (financial) data, such as a bank account number, PIN code, BSN or credit card details. The first case of phishing dates back to 1996.