What is Email Phishing?

Phishing email scams are increasingly prevalent in our digital world. According to the Anti-Phishing Working Group, over 90,000 unique phishing campaigns were reported between April and June in 2018. Identifying these attacks is becoming increasingly difficult but not impossible.

What is Phishing?

According to the dictionary, phishing (/ˈfiSHiNG/) is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” The name is a play on the concept of “baiting” an individual for the personal or financial account data the cyber attacker is seeking to use to perpetrate financial fraud.

The cyber crime begins when the recipient is sent a spam email. This deceptive email has a link to a fraudulent website (URL) that impersonates a legitimate website, where the individual unintentionally discloses credit, personal or sensitive data, such as usernames and passwords.

Phishing attacks have now evolved to include social media, text, SMS, Skype, Messenger, and other messaging services where phishing URLs are embedded into posts or comments.

Using Social Engineering to Dupe

Most social engineering messages are beneficial, such as a public service announcement to get a flu shot. Cyber criminals, however, typically use the same techniques to gather your online banking username and password or your social security number, and their correspondence often has an emotional component designed to influence you to act in haste.

For example, an email notice informs you that your credit card has been suspended due to suspicious activity, or that you have won an item or the lottery. This is the “lure.” The hope is that you will take the action indicated within the notice: click on the link in the text or email, or call the number listed.

The link is the “hook.” It takes you to a fraudulent site that impersonates your bank’s login page. The hope is that you will submit your account credentials or personal information, which the attacker can then sell or use to defraud you.

Or it will instruct you to install malware or ransomware.

Features of Phishing Emails

Phishing emails have some common features you can use to identify the trick.

  • If it is too good to be true, it probably is. Did you win a house, a new car, or new smartphone? Cyber criminals are excellent marketers of falsehoods. They know how to catch your attention with amazing offers and attention-grabbing headlines. If it looks suspicious, don’t click on it.
  • If you need to act fast because time is limited, with mere minutes left, it’s best to let it go. Most organizations are going to give you the time you need to resolve issues with your account. They won’t terminate or suspend you without ample notice. They don’t need your login information for their own accounts. If they are legitimate, they already have what they need to help resolve the issue. They are not going to need you to update your personal details over the internet. When in doubt, contact the source directly.
  • Hovering your mouse over the link will show you the URL that is actually embedded within the email. Does it contain a misspelled word? Is it directing you where you think it should? Is it www.bankofarnerica.com or www.bankofamerica.com? Look carefully.
  • Unexpected attachments or software updates often contain payloads like ransomware or other viruses. If you were not awaiting the document or aware of the software update, don’t click on it. If it is legitimate, it can wait until you can check it out.
  • If it seems out of the ordinary from someone you know or something completely unexpected, out of character or suspicious, don’t open it. Trust your gut. 
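
The hover check from the list above can also be automated. The following is an added example, not part of the original post: it pulls every link out of an HTML email body, compares the host the link really points to with the host named in the visible text, and flags hosts that only look like a trusted domain. The `TRUSTED` allowlist, the `CONFUSABLES` table and the sample email are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bankofamerica.com"}  # assumption: domains you really do business with
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # constructed, partial
DOMAIN_RE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

def skeleton(host):  # collapse look-alikes so 'arnerica' and 'america' compare equal
    for seq, letter in CONFUSABLES:
        host = host.replace(seq, letter)
    return host

def host_of(url):  # hostname of a URL or of bare 'www.example.com' text
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def classify(host):
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return "trusted"
    s = skeleton(host)
    hits = [g for g in sorted(TRUSTED) if s == skeleton(g) or s.endswith("." + skeleton(g))]
    return "lookalike of " + hits[0] if hits else "unknown"

class LinkParser(HTMLParser):  # collects (real host, host named in visible text)
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            shown = host_of(text) if DOMAIN_RE.fullmatch(text) else ""
            self.links.append((host_of(self._href), shown))
            self._href = None

def audit(html):  # -> [(real host, verdict, visible text names a different host)]
    parser = LinkParser()
    parser.feed(html)
    return [(r, classify(r), bool(s) and s != r) for r, s in parser.links]

# Constructed sample email body: one disguised link, one genuine link.
SAMPLE = ('<a href="http://www.bankofarnerica.com/login">www.bankofamerica.com</a> '
          '<a href="https://www.bankofamerica.com/">Sign in</a>')
```

Calling `audit(SAMPLE)` reports the first link as a lookalike whose visible text names a different host, and the second as trusted.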

What You Can Do to Prevent Phishing Attacks

There are measures you can take to prevent problems with phishing attacks, which we will cover in another post. Or you can contact Think of I.T. Computer Services for assistance. We would be happy to help.
