FAQ

This page serves to answer commonly asked questions about terminology, the phishing scams, and our group. If your questions are not answered here, feel free to Contact Us, and we will try our best to give you an answer.

Definitions

419 Scam

A scam where someone pretends to be a wealthy foreigner who wants help moving a large amount of money overseas. Usually, the scammer requests bank account information to pay for fees supposedly incurred in the large-sum transfer. The large sum transfer never happens and the victim is taken for as much 'fee' money as possible.

Anti-virus Software

Computer software that attempts to locate, disable and remove from a computer any malicious software (such as viruses and worms).

Authentication Token

A security device carried by an authorized user. The device has a changing value or a secret algorithm that cannot be copied -- thus requiring a valid token to be possessed by whomever wants to authenticate.

Click-fraud

Artificially generating income from click-based advertising systems by simulating clicks that don't really occur, or by causing real clicks that aren't due to actual interest in the advertising content.

DNS poisoning

Injecting bad data into a domain name server's cache in order to change (for users of that server) the destination a domain resolves to. A phisher may poison DNS at a university to cause all university-originating traffic to go to his server instead of a bank's.

DNS server

A server that translates DNS names (such as stop-phishing.com) into an IP address that is actually used for communication on the Internet.

Favicon

The small icon displayed next to a URL in the address bar of a browser. Phishers can place a 'lock' icon here to pretend the connection is secure, or they can set this icon appropriately to mimic a real site.

Gartner estimate

An estimate provided by a well-renowned research firm named Gartner

IP address

A set of four numbers from 1-255 separated by periods (.) that are used to identify each computer on a network. (Example: 129.79.247.191). An IP address instead of a Domain Name (like bank.com) can be used in a phishing URL to hide the fact that a given website is not legitimate. In a pharming attack, the IP address returned by a DNS server is changed to direct victims to a phisher's site.

Keyboard logger

Also known as 'keylogger', a piece of software (or hardware) that records all keys pressed on a computer's keyboard. Often, keyloggers will report the sequence of keys to an 'owner' of the malicious logger.

Lock icon

A small padlock icon displayed by a web browser to indicate that the browser has established a secure connection to the currently loaded website. This suggests to the user that nobody can 'eavesdrop' on their communications with the server.

Malware

Malicious software such as a virus, worm, trojan horse, or spyware that is installed on a system with harmful or malicious intent

Man-in-the-middle (MITM)

An attack where a third party relays all messages back and forth between a client and server. During the attack, messages may be changed or simply recorded for later use.

Pharming

In computer security, this is an attack where an attacker compromises domain name values and redirects many people to the wrong IP for a given domain. Often this is accomplished with DNS poisoning or by modifying the hosts files on peoples' computers.

Phishing

Tricking someone into giving up private data by masquerading as an authority. This is mostly accomplished using email or instant messages, directing the recipient to a fraudulent website that appears legitimate.

Phishing IQ test

A test where emails are displayed to a participant who is then asked to classify each as fraud or real. Usually these tests are used to illustrate the difficulty of identifying phishing emails.

SSL Post

A form submission that originates from an unencrypted 'http' page but posts to an encrypted page (https). Encryption only occurs in this case after the submission button is pressed.

Screen scraper

Software that analyzes the graphics displayed on a computer screen and translates displayed images into text.

Secure Sockets Layer (SSL)

A communication protocol developed by Netscape that is used to establish cryptographically secure communications between a client (usually a web browser) and server.

Signature-based malware detection

A method of detecting malware that identifies malware by analyzing behavior of software, configuration and software patterns.

Spear phishing

This (a.k.a. context-aware phishing) is to phishing what targeted advertising is to advertising. Namely, in spear phishing, the attacker infers or manipulates the context of his intended victim, and then "personalizes" his attack.

Spoofed email

Assuming the identity of another person while sending email; often used to disguise the actual sender of a message.

Spyware

Malware installed on a computer that covertly gathers information about the computer's user.

Subdomain

A subdivision of a master domain, e.g. 'cs' in cs.indiana.edu and 'informatics' in informatics.indiana.edu

Synthetic identity fraud

Posing as someone using identity that is completely fabricated -- making up a new identity and assuming it.

Yield (phishing)

The percentage of targets in a scam that fall victim. If email asking for credit card details is sent to 100 people and 2 of them respond, yield is 2%.