Phishing email scams are increasingly prevalent in our digital world. According to the Anti-Phishing Working Group, over 90,000 unique phishing campaigns were reported between April and June in 2018. Identifying these attacks is becoming more difficult, but not impossible.
What is Phishing?
According to the dictionary, phishing (/ˈfiSHiNG/) is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” The name is a play on the concept of “baiting” an individual for the personal or financial account data the cyber attacker is seeking to use to perpetrate financial fraud.
The cyber crime begins when the recipient is sent a spam email. This deceptive email has a link to a fraudulent website (URL) that impersonates the legitimate website, where the individual unintentionally discloses credit, personal or sensitive data, such as usernames and passwords.
Phishing attacks have now evolved to include social media, text, SMS, Skype, Messenger, and other messaging services where phishing URLs are embedded into posts or comments.
Using Social Engineering to Dupe
Most social engineering messages are beneficial, such as a public service announcement to get a flu shot. Cyber criminals, however, will typically attempt to use them to gather your online banking username and password or your Social Security number, and their correspondence often has an emotional component designed to influence you to act in haste.
For example, an email notice informs you that your credit card has been suspended due to suspicious activity, or you are notified that you have won an item or the lottery. This is the “lure.” The hope is that you will take the action indicated within the notice: click on the link in the text or email, or call the number listed.
The link is the “hook.” It takes you to a fraudulent site that impersonates your bank’s login page. The hope is that you will submit your account credentials or personal information, which the criminal can then sell or use to defraud you.
Features of Phishing Emails
Phishing emails have some common features that you can use to identify the trick.
- If it is too good to be true, it probably is. Did you win a house, a new car, or new smartphone? Cyber criminals are excellent marketers of falsehoods. They know how to catch your attention with amazing offers and attention-grabbing headlines. If it looks suspicious, don’t click on it.
- If you need to act fast because time is limited with only minutes left, it’s best to let it go. Most organizations are going to give you the time you need to resolve issues with your account. They won’t terminate or suspend you without ample notice. They don’t need you to send them your login information for an account on their own system. If they are legitimate, they already have what they need to help resolve the issue. They are not going to need you to update your personal details over the internet. When in doubt, contact the source directly.
- Hovering your mouse over the link will show you the URL that is actually embedded within the email. Does it contain a misspelled word? Is it directing you where you think it should? Is it www.bankofarnerica.com or www.bankofamerica.com? Look carefully.
- Unexpected attachments or software updates often contain payloads like ransomware or other malware. If you were not awaiting the document or aware of the software update, don’t click on it. If it is legitimate, it can wait until you can check it out.
- If a message from someone you know seems out of the ordinary, or is completely unexpected, out of character or suspicious, don’t open it. Trust your gut.
What You Can Do to Prevent Phishing Attacks
There are measures that you can take to prevent problems with phishing attacks, which we will cover in another post. Or you can contact Think of I.T. Computer Services for assistance. We would be happy to help.