See:
· http://en.wikipedia.org/wiki/Phishing
Attack method that seeks to obtain users' personal or confidential information through deception or trickery, by impersonating the digital identity of a trusted entity in cyberspace.
Phishing is the name given to fraud committed through telematic means in which the fraudster attempts to obtain confidential information (passwords, bank details, etc.) from legitimate users in a fraudulent manner.
The fraudster or phisher impersonates a trusted person or company so that the recipient of an apparently official electronic communication (via e-mail, fax, SMS or telephone) believes it to be genuine and thereby hands over the private data that is of interest to the fraudster.
http://www.inteco.es/glossary/Formacion/Glosario/
"Phishing" attacks use social engineering to fraudulently acquire personal information from users (mainly for access to financial services). To reach the largest possible number of victims and thereby increase their chances of success, they use junk mail ("spam") to spread. Once the e-mail reaches the recipient, they try to trick users into providing personal data, normally by leading them to counterfeit Internet sites, apparently official web pages of banks and credit card companies, which finish convincing the user to enter personal data about their bank account, such as their account number, password, social security number, etc.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
An attack in which the Subscriber is lured (usually through an email) to interact with a counterfeit Verifier/RP and tricked into revealing information that can be used to masquerade as that Subscriber to the real Verifier/RP. [NIST-SP800-63:2013]
fraudulent process of attempting to acquire private or confidential information by masquerading as a trustworthy entity in an electronic communication
NOTE - Phishing can be accomplished by using social engineering or technical deception. [ISO/IEC 27032:2012]
A form of Internet fraud that aims to steal valuable information such as credit card details, user IDs and passwords by tricking the user into giving the attacker the confidential information. [CSS NZ:2011]
Deceiving individuals into disclosing sensitive personal information through deceptive computer-based means. [CNSSI_4009:2010]
(D) /slang/ A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a Web site, in which the perpetrator masquerades as a legitimate business or reputable person. (See: social engineering.)
Derivation: Possibly from "phony fishing"; the solicitation usually involves some kind of lure or bait to hook unwary recipients. (Compare: phreaking.) [RFC4949:2007]
Tricking individuals into disclosing sensitive personal information through deceptive computer-based means. [NIST-SP800-83:2005]
An attacker may create and use e-mails and websites, designed to look like e-mails and websites of legitimate organisations, in order to deceive users into disclosing personal data such as usernames and passwords.
A form of criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.
http://en.wikipedia.org/wiki/Phishing
The practice of tricking a user into giving away personal information such as bank account details by pretending to be a legitimate business or organisation.
http://www.enisa.europa.eu/
Phishing is the practice of "fishing" for victims and luring these unsuspecting Internet users to a fake Web site.
This is accomplished by using authentic-looking email with the real organization's logo with the purpose being to steal passwords, financial or personal information, or introduce a virus attack.
http://idtheft.about.com/od/glossaryofterms/Identity_Theft_Glossary_of_Terms.htm
An attempt at identity theft in which criminals lead users to a counterfeit website in the hope that they will disclose private information such as user names or passwords.
http://www.getsafeonline.org/
The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank the user is doing business with.
http://www.sans.org/security-resources/glossary-of-terms/
Related topics