Phishing is the attempt to acquire sensitive information by pretending to be a familiar or trustworthy source in an email. Fraudulent emails from popular sites like banks, online payment processors, and IT administrators are commonly used to lure unsuspecting victims.
Essentially, phishing is an information-gathering technique that isn’t necessarily damaging in and of itself. However, when unsuspecting victims provide bits of information, a savvy criminal can piece them together to gain access to areas and information that are private.
Spear phishing – Attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success.
Clone phishing – An attack whereby a legitimate and previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version of the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.
Whaling – Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks.
What should you look for?
Be wary of emails from unknown sources. If you can’t recall having given your email to the company claiming to need more information, there is a good chance it is a phishing scam.
If the list of recipients (To: line) is very large or undisclosed, the email is likely a scam.
If the email is coming from your own email address (From: line), it’s time to change your password because someone is using your name and email to lure others into providing more information.
Links that are misspelled or not quite right are a telltale sign of phishing.
If an email contains an attachment that you weren’t expecting, do not open it. It may contain a virus.
A Smart Consumer of Digital Information does the following:
Deletes suspicious emails
Does not open unexpected email attachments
Does not click on links in suspicious emails. Links can be doctored or spoofed to look legitimate. If you must go to the website, open a new window and type in the URL, then navigate to the page with the information you are looking for.
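The checks listed under "What should you look for?" and the warning about doctored links can also be applied automatically by a mail filter. The Python sketch below is an added example, not part of the original article. The names check_message and Links, the flag strings, the cut-off of 20 recipients and the sample message are all assumptions made for illustration, and the link check compares hostnames exactly.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE = """From: me@example.com
To: undisclosed-recipients:;
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/html

<a href="http://examp1e-bank.test/login">www.example-bank.test</a>
--b
Content-Disposition: attachment; filename="invoice.zip"

--b--
"""  # constructed sample message, not a real email

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    a_href, a_text, found = None, "", ()
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.a_href, self.a_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.a_text += data.strip()
    def handle_endtag(self, tag):
        if tag == "a" and self.a_href is not None:
            self.found += ((self.a_href, self.a_text),)
            self.a_href = None

def check_message(raw, my_address, max_recipients=20):
    """Return checklist flags; max_recipients is an assumed "very large" cut-off."""
    msg, flags = message_from_string(raw), []
    to = msg.get("To", "")
    if "undisclosed" in to.lower() or len(getaddresses([to])) > max_recipients:
        flags.append("large-or-undisclosed-recipients")
    if parseaddr(msg.get("From", ""))[1].lower() == my_address.lower():
        flags.append("from-own-address")
    for part in msg.walk():
        if part.get_filename():  # any attachment: the reader decides if expected
            flags.append("attachment")
        elif part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode(errors="replace"))
            for href, text in parser.found:
                shown = urlparse(text if "//" in text else "//" + text).hostname
                if "." in text and " " not in text and shown != urlparse(href).hostname:
                    flags.append("link-text-mismatch")  # text names another host
    return flags
```

Calling check_message(SAMPLE, "me@example.com") raises all four flags. A flag is a prompt for a closer look, not proof that the message is phishing.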
Is it worth it to be so cautious?
Absolutely. What’s at stake is the integrity of your data and your identity. When it comes to keeping your digital data safe, you can never be too cautious.