Friday, 9 December 2016

What Is Phishing?

It’s a strange word.  But what is phishing and what does it mean for you, the average internet user?  The answer is surprising.  Phishing is an attempt to trick someone into giving up personal information such as usernames, passwords, bank account information, social security numbers, credit card numbers, and more.  Phishing can come in the form of emails, telephone calls, malware, and more.  Falling for a phishing scheme can be a disaster and can cause financial as well as psychological harm.

The term phishing is a play on actual “fishing”: hackers would send out thousands of emails in an attempt to catch at least a few bits of information from some poor unsuspecting victims.  They knew that most people would not fall for the scheme but a few would, hence the analogy with the sport of fishing.  Hackers of the 1990s were also fond of substituting the letters ‘ph’ for the letter ‘f’.  The term phishing was first seen on a hacker message board around 1996.

Phishing attacks usually come in the form of an email that attempts to disguise itself by looking as “official” as possible.  The email could have actual company logos from a specific brand, such as Google, PayPal, Yahoo, or even online stores such as Macy’s or Amazon.  Phishing emails often try to spark victims into action through methods such as asking the victim to confirm usernames and passwords or confirm order details.  The emails will then make an attempt to redirect the user to a fake website where the hackers will try to get users to input information.

Sometimes phishing attacks come in the form of phone calls.  The recent IRS lawsuit phone scam is a phishing scam designed to trick people into thinking that the IRS is filing a lawsuit against them and that they must send money immediately.  The victims are then led to divulge credit card info or, worse, to send cash via Western Union.

Check out this phishing email example from “Amazon.com”:

[Image: example phishing email]

Unfortunately these attacks are most successful with the elderly as well as those who may speak English as a second language such as immigrants.  They are unaware that such schemes exist, and the fact that many phishing schemes are very sophisticated and look rather “official” causes these people to fall for them.

Knowledge is power in terms of preventing phishing attacks from affecting you.  If you know what to look for then you’ll usually be able to spot a phishing scheme a mile away.  If any red flags go up, you’ll know to do a quick Google search to see if anyone else has been the victim of that particular fraud.

Here are a few things that you can do in order to prevent falling for a phishing scheme:

  • Always be suspicious of unsolicited emails from any company.  Even if it’s from “Google” or “Amazon”, companies will usually NOT send you an unsolicited email asking for passwords or other user information.  Check the sender of the email and inspect the name and email address that it’s coming from.  Do not click on any links in the message.
  • Another good rule of thumb is to NEVER email personal information anyway.  Your email account could be hacked or your messages intercepted.
  • Non-personalized communications should be a red flag.  If an email is asking you to send information but it’s not directed to you with your name in it, it’s suspect.  However, even if an email does use your name, use caution.
  • Beware of any phone calls asking for your account or other information.  Sometimes these phone calls can sound very official so keep your wits about you.  Be skeptical of everything, and if you do get an odd call, do a quick Google search to see if anyone else has been getting similar calls.
  • Google suspicious communications.  Entering a snippet of text from the email in question inside a set of quotation marks (“ ”) in Google will usually yield results.  You can check on all sorts of phishing schemes in this manner, from shady-sounding Craigslist ads to emails to even phone calls.
  • Stay informed.  Learning about the latest in phishing techniques will give you the best defense.  You’ll be able to identify future attacks simply by knowing the various patterns that phishing attempts usually follow.  For example, this past holiday season saw an uptick in fake emails from popular companies such as Amazon and Macy’s.  These emails asked users to confirm their orders because of shipping problems by inputting their usernames and passwords into fake websites.  You can expect that, because of the hectic holiday season, many people fell for these tricks.
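
Several of the checks in the list above (inspect the sender, distrust generic greetings and requests for passwords, do not trust what a link says it points to) can be automated. The following is an added example, not part of the original article; the brand-to-domain map, the flag names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); fake hosts use the reserved .example TLD.
SAMPLE = """\
From: "Amazon.com" <orders@amazon-support.example>
To: user@mail.example
Subject: Problem with your order
Content-Type: text/html

<p>Dear Customer,</p>
<p>We had a shipping problem. Please confirm your username and password:</p>
<a href="http://login.amaz0n-orders.example/confirm">https://www.amazon.com/your-orders</a>
"""

# Assumption: a small map of brand names to the domains they really send from.
BRAND_DOMAINS = {"amazon": "amazon.com", "paypal": "paypal.com", "google": "google.com"}

def host_of(url):  # host part of a URL or of URL-looking link text
    m = re.match(r"(?:https?://)?([^/\s:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""

def in_domain(host, domain):  # exact match or a true subdomain, not a look-alike
    return host == domain or host.endswith("." + domain)

def red_flags(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    flags = []
    sender_host = addr.rpartition("@")[2].lower()
    for brand, domain in BRAND_DOMAINS.items():  # display name claims a brand?
        if brand in name.lower() and not in_domain(sender_host, domain):
            flags.append("sender-domain-mismatch")
    if re.search(r"dear\s+(customer|user|member|client)", body, re.I):
        flags.append("generic-greeting")
    if re.search(r"(confirm|verify|update)[^.]{0,60}(password|username|card)", body, re.I):
        flags.append("asks-for-credentials")
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        shown = host_of(text)  # only compare when the visible text looks like a host
        if "." in shown and host_of(href) != shown:
            flags.append("link-text-mismatch")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that raises none of these flags is not thereby safe; the checks only catch the patterns described in the list.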

Check out these websites for examples of phishing, how to spot it, as well as outbreaks of scams that have been reported:

On Guard Online (United States Government)

Krebs On Security (reports on ongoing and new scams)

 

About Bill Gordon

Bill Gordon has been writing on tech and malware subjects for 6 years and has been working in the internet and tech industry for over 15 years. He currently lives in Southern California.
