Phishing is a term used to describe the practice in which a malicious individual, or group of individuals, cheats users by sending emails or creating web pages that are intended to collect an individual’s online bank, credit card, or other login information. The emails and web pages look official, which is why users trust them and voluntarily part with their personal information.
Phishing is a form of deception in which an attacker poses as a reputable entity, or as an ordinary person, through email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, like extracting login credentials and account information from victims.
Phishing is popular among cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than to attempt to break through a computer’s defenses.
How Phishing Works
Phishing attacks typically rely on social networking techniques used in email or other electronic communication methods, like direct messages sent over social networks, SMS text messages, and other instant messaging formats.
Phishers may use social engineering and other public sources of information, like social network data, to gather background information about the victim’s personal and work history, as well as their interests, hobbies, and activities.
Prior to the phishing attack, hackers can discover names, job titles and email addresses of potential victims, in addition to information about their colleagues and the names of key employees in their organizations. This information is then used to create a realistic email.
Ways to Identify Phishing Emails
- Company – The emails are sent out to thousands of different email addresses. If you have no connection with the company the email is supposedly coming from, it can only be bogus.
- Spelling and grammar – Misspelled words and incorrect grammar are almost always a dead giveaway. Look out for errors that a professional outfit wouldn’t make.
- No reference to account information – If the company is informing you of errors on your account, it would use your account or username as a reference in the email. If there’s no direct reference to your account information present in the email, chances are it’s a phishing attempt.
- Deadlines – Fraudulent emails often require an immediate response, or set a specific, fast-approaching deadline.
- Links – Often the email will include a link to a URL that is not connected to the company’s URL.
Ways to Handle a Suspicious Email
- Never click any links in an email. Instead of clicking the link in the email, visit the page by manually typing in the address of the company. This is time-consuming, but well worth the effort.
- Never send any personal information through email. If a company is requesting personal information about your account, or is telling you that your account is invalid, visit the web page and log into the account as you normally would.
- If you are still worried about your account, or have concerns about your personal information, contact the company directly, either through their email address or over the phone.
Issues Phishing Emails Commonly Address
- Account issues: things like your account or password expiring; notices of your account having been hacked; references to out-of-date account information that you need to update.
- Credit card or other personal information: being told that your credit card has expired or has been stolen; mention of incorrect social security numbers or other personal information; unsolicited discussion of the possibility of a duplicate credit card, or other personal information.
- Confirming orders: a request that you log in to confirm recent orders or transactions.
Common Companies Affected by Phishing
- Major banks
- Popular websites
- Internet service providers
- Casinos and lottery
- Online dating or community websites
What to Do When You Have Fallen for a Phishing Attack
- Log into your account using the company page and change your password immediately.
- Scan your computer in order to identify malware, in case your computer has become infected before you got a chance to change your password.
- If the company supports two-factor authentication, enable this feature on your account.
- If you believe your personal information has been stolen, watch all of your accounts for suspicious activity, and report any incongruous purchases to your bank, which often has a specific cybercrime unit in place to mitigate the damage as much as possible.