See: http://en.wikipedia.org/wiki/Phishing
An attack method that seeks to obtain users' personal or confidential information by deception or trickery, impersonating the digital identity of a trusted entity in cyberspace.
Phishing is the name given to fraud committed through telematic means, in which the fraudster attempts to obtain confidential information (passwords, bank details, etc.) from legitimate users by fraudulent means.
The fraudster, or phisher, impersonates a trusted person or company so that the recipient of an apparently official electronic communication (by e-mail, fax, SMS or telephone) believes it to be genuine and thereby hands over the private data that is of interest to the fraudster.
http://www.inteco.es/glossary/Formacion/Glosario/
"Phishing" attacks use social engineering to fraudulently acquire personal information from users (mainly login details for financial services). To reach as many victims as possible and thus increase their chances of success, they spread by means of junk mail ("spam"). Once the e-mail reaches the recipient, they try to trick users into providing personal data, usually by leading them to counterfeit Internet sites: apparently official web pages of banks and credit card companies that finally persuade the user to enter personal details of their bank account, such as account number, password, social security number, etc.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
An attack in which the Subscriber is lured (usually through an email) to interact with a counterfeit Verifier/RP and tricked into revealing information that can be used to masquerade as that Subscriber to the real Verifier/RP. [NIST-SP800-63:2013]
Fraudulent process of attempting to acquire private or confidential information by masquerading as a trustworthy entity in an electronic communication.
NOTE - Phishing can be accomplished by using social engineering or technical deception. [ISO/IEC 27032:2012]
A form of Internet fraud that aims to steal valuable information such as credit card details, user IDs and passwords by tricking the user into giving the attacker the confidential information. [CSS NZ:2011]
Deceiving individuals into disclosing sensitive personal information through deceptive computer-based means. [CNSSI_4009:2010]
(D) /slang/ A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a Web site, in which the perpetrator masquerades as a legitimate business or reputable person. (See: social engineering.)
Derivation: Possibly from "phony fishing"; the solicitation usually involves some kind of lure or bait to hook unwary recipients. (Compare: phreaking.) [RFC4949:2007]
Tricking individuals into disclosing sensitive personal information through deceptive computer-based means. [NIST-SP800-83:2005]
An attacker may create and use e-mails and websites designed to look like the e-mails and websites of legitimate organisations, in order to deceive users into disclosing personal data such as usernames and passwords.
A form of criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.
http://en.wikipedia.org/wiki/Phishing
The practice of tricking a user into giving away personal information such as bank account details by pretending to be a legitimate business or organisation.
http://www.enisa.europa.eu/
Phishing is the practice of "fishing" for victims and luring these unsuspecting Internet users to a fake Web site. This is accomplished by using authentic-looking email carrying the real organization's logo, with the purpose of stealing passwords, financial or personal information, or introducing a virus attack.
http://idtheft.about.com/od/glossaryofterms/Identity_Theft_Glossary_of_Terms.htm
An attempt at identity theft in which criminals lead users to a counterfeit website in the hope that they will disclose private information such as user names or passwords.
http://www.getsafeonline.org/
The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the website look as though they belong to a bank the user does business with.
http://www.sans.org/security-resources/glossary-of-terms/