Gone Phishing

What is phishing?

Phishing is a cyberattack that uses email to scam people. It is pronounced just like the word fishing. The analogy is of a fisherman (criminal) throwing out bait (emails) to catch a fish (victim). It tries to trick you into believing that the message is something you want or need. For example, receiving an email from your bank, or from someone you work with, where the cyber criminal tries to get you to click on a link or download an attachment.

Links attached to emails used for phishing, are meant to look like legitimate websites. These links would look as if they are from companies that you would be familiar with or you have business transactions.

Phishing scams are not limited to just emails though. They can come in the form of messages that look like they are from UPS or FEDEX claiming that they are holding a package for you.

Social media may be used. You can be tricked into clicking on a link that you believe is from a Facebook friend.

How does phishing work?

The scammers try to make the website look like one that the victim will trust. They are usually trying to get you to do one of two things; hand over sensitive information or download Malware.

For instance, the person phishing may clone a legitimate website and send you an email that looks like it is from your bank telling you that your password was compromised. Then, there will be a link for you to click on so that you can access your account and reset your password. When you input your information, the phisher can then steal your username and password. After gaining access to your personal information, they will usually forward you to the actual website and you won’t even know what happened.

Sometimes, the email will try to get you to download an attachment which will have some type of malware giving the scammer access to your computer.

Types of phishing

Phishing scams are usually generally focused. The scammers will send out millions of emails trying to catch a victim. However, there are different types of phishing scams such as, spear phishing, whaling, and vishing.

Spear phishing is when a scammer is targeting a specific target. For example, the spear phisher may target someone in the finance or accounting dept of a company that has access to the companies funds. The spear phisher may send this person an email pretending to be the company manager and asks for emergency funds for some fabricated problem.

Whaling is when someone is phishing for a specific high reward target like the C.E.O of a large corporation or a board member. This type of phishing scam takes a lot longer and requires more work on the part of the criminal. The criminal has to spend time researching the victim and figuring out who they communicate with. It may take more work and more time, but usually provides a big reward.

Vishing stands for “voice phishing” and is the same tactic as phishing, but just done over the phone. The victim will get a phone call and usually hear a recorded message. The victim may be told that their bank account may have been compromised or that the IRS owes them money. The recording will then give the victim a phone number to call so they can verify their information. Usually by providing a PIN number or social security number.

Why does phishing work?

Scammers are trying to take advantage of the fact that people are generally curious and trusting. Scammers refer to this as social engineering.

Phishing works because scammers are attempting to hack a system by exploiting human psychology rather than using technical hacking methods. For example, a hacker can try to gain access by finding a weakness in your software using technical methods or they can trick you into revealing your password through phishing scams.

Examples of phishing

How to prevent phishing attacks?

There are a few ways that you can protect yourself from phishing attacks.

First, understanding what phishing is and how it works; knowing the different types of phishing techniques used; and, understanding why phishing works.

Second, know what scammers are after–usually cash or sensitive information that will give them access to cash.

Third, look for red flags like bad spelling, being asked for money, or promises to reward you. Look carefully at the URL. You may notice that the web address doesn’t match the website that you are on. This is a big red flag.

Fourth, emails from a country where you don’t know anyone but they claim to know you. Don’t open any email or answer any phone calls if you don’t recognize the source. However, be aware that the email or message may be made to look like it’s from someone you are familiar with. Resist the urge to click on any links or downloads. If you are not sure, try to get verification from the person or company that the message is allegedly coming from by contacting them directly.

It may seem obvious but don’t use any of the contact information that is provided in the email. Open a separate window and get the contact information directly from the company by doing a separate search. If the email is from a person, contact that person directly and verify that they sent you an email and its content.

6 thoughts on “Gone Phishing”

  1. It is cool article, I didn’t know much about phishing attacks, but with your detailed description, I’ve learned more about this! Also great way to prevent phishing attacks, thank you for this important information! I’m gonna share this with all of my friends, it will be helpful!

  2. Thank you for sharing, as I read it, all I say was “WOW”. I was a victim of Identity Theft and it was a Nightmare. I never thought about the Emails or Websites. I am guilty of reading information fast. Thanks to this post, I will make sure that I know what I am clicking on. You have truly opened my eyes, and I will share this info with my family and friends.
    Thank You

  3. Hey Tom I think that you have one of the best content structures I’ve seen. If I may offer a little more( moving pic) maybe fish swimming on a comp. screen. And I would luv some help with mine. Maybe get it to look more professional. Thanks

  4. I heard somewhere about pishing but I had no idea what that meant. It seems pretty dangerous and uncomfortable. I do not think I’ve ever experienced a phishing attack, but I may be mistaken. It seems to me very hard to find out if you’re attacked. I get 30 emails a day and it’s hard to study if there is any evil intention behind them.
    I think I’ll be much more cautious in the future, especially when it comes to password, PIN, and so on.

  5. I think we’ve all been exposed to phishing emails, but there are many who will just absentmindedly click on them without knowing what they’re about to get into or in many cases, hand over. I’ve always stated that if someone like Pay Pal or Amazon sends an email suspending an account, always go to the site and try to log in. That’ll tell you a lot. I like the recommendation of hovering over, because you’ll see in two seconds whether or not it’s a legit email.

Leave a Comment