Phishing

Phishing is used to describe a harmful individual or group of individuals who cheat users by sending emails or creating web pages that are intended to collect an individual’s online bank, credit card or other login information.  The emails and web pages look official that’s why users trust them and input their personal information.

Phishing is a form of deception in which an attacker disguises as a decent entity or person in email or other communication channels.  The attacker uses phishing emails to distribute malicious links or attachments that can execute a variety of functions, like extraction of login credentials or account information from victims.

Phishing is prevalent with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than trying to break through a computer’s defenses.

How Phishing Works

Phishing attacks typically count on social networking techniques used in email or other electronic communication methods, like direct messages sent over social networks, SMS text messages and other instant messaging modes.

Phishers may use social engineering and other public sources of information, like social networks to gather background information about the victim’s personal and work history, his interests and his activities.

Prior to the phishing attack, they can get names, job titles and email addresses of potential victims, as well as information about their colleagues and the names of key employees in their organizations.  This information is then used to create a realistic email.

Ways to Identify Phishing Emails

• Company – The emails are sent out to thousands of different email addresses.  If you have no connection with the company the email address is supposedly coming from, it is bogus.
• Spelling and grammar – Misspelled words and incorrect grammar are almost always a dead giveaway.  Look for apparent errors.

• No reference to account information – If the company is informing you of errors on your account, it would use your account or username as a reference in the email.
• Deadlines – Email requires an immediate response or sets a specific deadline.
• Links – Often the email will list a URL that is not connected to the company’s URL.

Ways to Handle a Suspicious Email

• Never click any links in an email.  Instead of clicking the link in the email, visit the page by manually typing the address of the company.
• Never send any personal information through email.  If a company is requesting personal information about your account or is telling that your account is invalid, visit the web page and log into the account as you normally would.
• If you are still concerned about your account or are concerned about your personal information, contact the company directly, either through their email address or over the phone.

Issues Phishing Emails Commonly Address

• Account issues: account or password expiring, account being hacked, account out-of-date or account information that needs to be updated.
• Credit card or other personal information: credit card expiring or being stolen, incorrect social security number or other personal information or duplicate credit card or other personal information.
• Confirming orders: a request that you log in to confirm recent orders or transactions.

Common Companies Affected by Phishing

• Major banks
• Popular websites
• Government
• Internet service providers
• Casinos and lottery
• Online dating or community websites

What to do when you have fallen for a Phishing Attack?

• Log into your account using the company page and change your password immediately.
• Scan your computer in order to identify malware in case your computer has been infected.
• If the company supports two-factor authentication, enable this feature on your account.
• If you believe your personal information has been stolen, watch all of your accounts for suspicious activity.