What is Email Phishing?

by | 02 Nov 2018 | Information Technology

Phishing email scams are increasingly prevalent in our digital world. According to the Anti-Phishing Working Group, over 90,000 unique phishing campaigns were reported between April and June in 2018. Identifying these attacks is becoming increasingly difficult but not impossible.

What is Phishing?

According the dictionary, phishing (/ˈfiSHiNG/) is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” The name is a play off the concept of “baiting” an individual for the personal or financial account data the cyber attacker is seeking to use to perpetrate financial fraud. 

The cyber crime begins when the receiver has been sent emailed spam. This deceptive email has a link to a fraudulent website (URL) that is impersonating the legitimate website where the individual unintentionally discloses credit, personal or sensitive data, such as usernames and passwords.

Phishing attacks have now evolved to include social media, text, SMS, Skype, Messenger, and other messaging services where phishing URLs are embedded into posts or comments.

Using Social Engineering to Dupe

Most social engineering messages are beneficial, such as a public service announcement to get a flu shot. Cyber criminals will typically attempt to use them to gather your online banking username and password or your social security number but their correspondence often has an emotional component designed to influence you to act in haste.

For example, an email notice informs you that your credit card has been suspended due to suspicious activity or you have been notified that you have won an item or the lottery. This is the “lure.”   The hope is that you will take the action indicated within the notice. Click on the link in the text or email, or call the number listed.

The link is the “hook.” It will takes you to a fraudulent site that impersonates your bank’s login page. The hope is that you will submit your account credentials or personal information to sell or use to fraud you.

Or it will instruct you to install malware or ransomware.

Features of Phishing Emails

Phishing emails have some common features to you can use to identify the trick.

  • If it is too good to be true, it probably is. Did you win a house, a new car, or new smartphone? Cyber criminals are excellent marketers of false hoods. They know how to catch your attention with amazing offers and attention-grabbing headlines. If it looks suspicious, don’t click on it.
  • If you need to act fast because time is limited with bare minutes left, it’s best to let it go. Most organizations are going to give you the time to need to resolve issues with your account. They won’t terminate or suspend you with ample notice. They don’t need your login information to their own account. If they are legitimate, they already have what they need to help resolve the issue. They are not going to need you to update your personal details over the internet. When in doubt, contact the source directly.
  • Hovering your mouse over the link will show you the URL that is actually embedded within the email. Does it contain a misspelled word? Is is directing you where you think it should?  Is it www.bankofarnerica.com or www.bankofamerica.com? Look carefully.
  • An unexpected attachment or software updates often contain payloads like ransomware or other viruses. If you were not awaiting the document or aware of the software update, don’t click on it. If it is legitimate, it can wait until you can check it out.
  • If it seems out of the ordinary from someone you know or something completely unexpected, out of character or suspicious, don’t open it. Trust your gut. 

What You Can Do to Prevent Phishing Attacks

There are measures that you can do to prevent problems with phishing attacks, which we will cover in another post. Or you can contact Think of I.T. Computer Services for assistance. We would be happy to help.

Outlining Your Business Roadmap for 2019

Outlining Your Business Roadmap for 2019

"Failing to plan is planning to fail" is a popular quote attributed to Benjamin Franklin, the father of time management. Planning your business road map is difficult task for many business owners.  It's an often-overlooked necessity. Absence of planning causes...

Identifying Email Spam and/or Email Scams

Identifying Email Spam and/or Email Scams

The unfortunate reality of modern technology is that no matter what technology you have blocking your inbox from malicious emails, there are a few that will make it through. The key to protecting your information technology systems is to educate your employees on how...

More On-Page SEO Factors to Consider

More On-Page SEO Factors to Consider

The more technical components of on-page search engine optimization (SEO) factors that are are good to know. These technical features sometimes effect the way pages are designed and navigated. It is how your website communicates to search engines. Structured Data...

Want the Inside Scoop?

  Join the Business Technology Community!