Phishing = fishing + phreaking
I was reading this article, Phishing ANZ customers, and so I started to think more about phishing and to do a bit of research on past “phishing classics”.
Now, I am not a security engineer, so don't expect me to give you all the security tips and tricks. When I was in my first days of college, I always wanted to become one. Maybe one day I will get there. I was very much impressed by firewalls. In fact, I even did a tech talk on that topic.
So, to keep ourselves within the scope of this post: ‘phishing’, a term that may have arisen from fishing + phreaking, means impersonating something or someone else and tricking customers for financial gain or to obtain user credentials.

Phishing can be done in different ways. For example, the SMH news article I referred to describes a technique where users get an email with some text and a link. The email content usually gives the user a legitimate impression. The link goes to a site that impersonates the original site (in this case ANZ's) and may ask the user to log in, thereby capturing the user's credentials. In the ANZ instance, the email went around to the bank's customers and contained a link to a site whose URL, look and feel, and content were very similar to ANZ's. It had a login prompt where users entered their customer number and their PIN, so the phishers got access to this sensitive data!!
Phishing techniques include using seemingly legitimate link text, or imitating the look and feel of the site along with its URL. After anti-phishing techniques were developed to identify the most common phishing link text, many ‘phishers’ started using images instead to get around them.
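To make the three tricks above concrete (link text that shows one address while the href goes elsewhere, a lookalike host carrying the brand name, and an image-only link that text filters never see), here is a small defender-side checker that walks the anchors in an HTML email and reports why each one is suspicious. This is an added example, not code from the original post or from ANZ; the official-host allowlist, the brand token and the sample email are constructed placeholders, and `anz.example` stands in for whatever the bank's published domain is.

```python
"""Flag anchors in an HTML email whose visible text or image hides a
non-official destination. Added example; the official-host allowlist,
brand tokens and sample email are all constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: the bank publishes its official hosts; these are placeholders.
OFFICIAL_HOSTS = {"anz.example", "www.anz.example"}
BRAND_TOKENS = {"anz"}
# Something that looks like a domain or URL inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class _LinkCollector(HTMLParser):
    """Collects each <a> with its href, visible text and whether it wraps an <img>."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._current = {"href": attrs.get("href") or "", "text": "", "has_image": False}
        elif tag == "img" and self._current is not None:
            self._current["has_image"] = True

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def _host(url):
    return (urlparse(url.strip()).hostname or "").lower()


def _is_official(host, official):
    # Exact match or a subdomain of an official host; "anz.example.evil.test" is neither.
    return any(host == o or host.endswith("." + o) for o in official)


def analyse_links(html, official=OFFICIAL_HOSTS, brands=BRAND_TOKENS):
    """Return one finding per suspicious link: the real host and the reasons."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for link in parser.links:
        host = _host(link["href"])
        if _is_official(host, official):
            continue
        reasons = []
        shown = DOMAIN_IN_TEXT.search(link["text"])
        if shown and shown.group(1).lower() != host:
            reasons.append("text shows %s but href goes to %s" % (shown.group(1), host))
        if any(b in host for b in brands):
            reasons.append("lookalike host %s contains a brand name" % host)
        if link["has_image"]:
            reasons.append("image-only link, text filters see nothing")
        if reasons:
            findings.append({"href": link["href"], "host": host, "reasons": reasons})
    return findings


# Constructed sample: a lookalike link, an image-only link, an official link
# and an unrelated plain link.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please confirm your details:</p>
<a href="http://anz.example.secure-verify.test/login">https://www.anz.example/login</a>
<a href="http://203.0.113.10/login/"><img src="cid:button.png"></a>
<a href="https://www.anz.example/">Visit our official site</a>
<a href="http://newsletter.test/promo">Read this month's newsletter</a>
"""

if __name__ == "__main__":
    for finding in analyse_links(SAMPLE_EMAIL_HTML):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```

Run against the sample, the first link is flagged twice (the text shows `www.anz.example` while the href goes to `anz.example.secure-verify.test`, which also carries the brand name) and the image button is flagged once; the official link and the unrelated newsletter link pass. The allowlist is the key input: it is exactly the "declare your official sites" advice, turned into data the checker can use.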
Quite interestingly, there is no effective way to stop phishers. I think it depends mostly on how financial institutions, banks and organisations educate their customers not to use links from emails or any other sources. They should declare their official sites to the public to avoid any miscommunication.
Apart from that, there are also a couple of tools, like Google’s SafeBrowsing for Firefox and the NetCraft Anti-Phishing Toolbar, that can help users detect possible phishing sites.
There is also a standard called DKIM, which stands for DomainKeys Identified Mail (a merger of two protocols: DomainKeys, created by Yahoo!, and Identified Internet Mail, created by Cisco), that allows an organisation to cryptographically sign outgoing e-mail so that receivers can verify it sent the message. Though this standard does not provide a 100% fool-proof solution to phishing, it at least works towards enhancing the user's trust in email, since the cryptographic signature on outbound e-mail is associated with the sending domain name.
So, be aware of this technique and enter your data only when you trust the source and you know that it is 100% official.
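The point that the DKIM signature is "associated with its domain name" is easy to see once you look at the header: the `d=` tag names the signing domain and the `h=` tag lists which headers were signed. The added example below (not part of the original post) parses that tag list and checks two things a receiver cares about before even touching the cryptography: that the signing domain matches the domain in the From address, and that From itself is among the signed headers. It does not verify the signature, which needs the signer's public key from DNS; the messages, the `anz.example` domain and the `bh=`/`b=` values are all constructed placeholders.

```python
"""Parse a DKIM-Signature header and check that the signing domain (d=)
lines up with the From address and that From is among the signed headers.
Added example with constructed messages; it does NOT verify the signature
itself (that needs the public key from DNS), it only reads the claims."""
from email import message_from_string
from email.utils import parseaddr


def parse_dkim_signature(value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list).
    Folding whitespace inside values is dropped, and base64 '=' padding survives
    because we split on the first '=' only."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        key, val = part.split("=", 1)
        tags[key.strip()] = "".join(val.split())
    return tags


def check_dkim_alignment(raw_message):
    """Report whether the message carries a DKIM signature whose d= domain
    matches the From domain (exactly or as a parent domain)."""
    msg = message_from_string(raw_message)
    result = {"signed": False, "signing_domain": None, "from_domain": None,
              "aligned": False, "from_signed": False}
    from_addr = parseaddr(msg.get("From", ""))[1]
    result["from_domain"] = from_addr.rpartition("@")[2].lower()
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return result
    tags = parse_dkim_signature(sig)
    d = tags.get("d", "").lower()
    result["signed"] = True
    result["signing_domain"] = d
    signed_headers = {h.lower() for h in tags.get("h", "").split(":") if h}
    result["from_signed"] = "from" in signed_headers
    fd = result["from_domain"]
    result["aligned"] = bool(d) and (fd == d or fd.endswith("." + d))
    return result


# Constructed messages; bh= and b= are placeholders, not real hashes or signatures.
SIGNED_ALIGNED = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=anz.example; s=sel1;
 h=from:to:subject:date; bh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE=
From: Bank Notices <notices@anz.example>
To: customer@example.net
Subject: Your statement is available
Date: Mon, 1 Jan 2024 09:00:00 +0000

Log in from our published site, not from a link.
"""

# Signed by some other domain, and the From header was not even covered.
SIGNED_MISALIGNED = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bulk-sender.test; s=sel1;
 h=to:subject:date; bh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE=
From: Bank Notices <notices@anz.example>
To: customer@example.net
Subject: Urgent: confirm your PIN
Date: Mon, 1 Jan 2024 09:00:00 +0000

Please click the link below.
"""

UNSIGNED = """\
From: notices@anz.example
To: customer@example.net
Subject: Hello

No signature at all.
"""

if __name__ == "__main__":
    for name, raw in (("aligned", SIGNED_ALIGNED), ("misaligned", SIGNED_MISALIGNED),
                      ("unsigned", UNSIGNED)):
        print(name, check_dkim_alignment(raw))
```

The second message shows why alignment matters: it is validly structured DKIM, but signed by `bulk-sender.test` with From left out of `h=`, so a forged bank address survives the signature untouched. A real receiver would fetch the key at `sel1._domainkey.<d=>` and verify `b=` before trusting any of these claims; a signature that verifies but does not align still tells you nothing about the bank.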