What is Phishing?
Phishtank.com provides a great description of Phishing: Phishing is a fraudulent attempt, usually made through email, to steal your personal information. Phishing emails usually appear to come from a well-known organization and ask for your personal information — such as credit card number, social security number, account number or password. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account.
Our next Cyber Security Awareness Month blog is about fraudulent emails and phishing scams. It is written to raise awareness of some of the common methods used in email phishing and to help you identify the typical signs of a fraudulent email.
In order for Internet criminals to successfully “phish” your personal information, they must get you to go from an email to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information of you via email.
What does a Phishing E-mail look like?
Tips to spot phishing emails
1. Beware of links in email
Links in email messages can be easily masked. If I could only give you one tip, it would be to watch out for this one. I personally make it a habit to never click on links in emails. If you’re not sure, there is a really easy way to check.
Roll your mouse over the link (but don’t click) to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. Make sure that the link EXACTLY matches the correct web address. Really sophisticated phishing emails will make the address off by only a character or two, so be careful!
2. Spelling and bad grammar
This is one that has always amazed me. If you’re going to try and scam someone by email, why not invest in making sure that the email is grammatically correct? Regardless, this is one of the first things to look for. Phishing emails coming from overseas are usually littered with bad grammar.
3. Need to log in to continue? Don’t!
The point of sending a phishing email is to trick you into providing your personal information. More often than not, a link will take you to a page that is a copy of a real login page (e.g., the Facebook login page). This is known as a “spoof”. Once you log into the spoofed (fake) site, they will have your personal info.
No one should ever ask you for personal information by email.
4. Sense of Urgency and Threats
Internet criminals want you to provide your personal information now. The more they can convey a sense of urgency, the quicker they will get you to act. This is an important social engineering trick that relies on the victim reacting quickly without thinking through the situation.
A typical way to create urgency is to threaten the victim. Have you ever received a password expiration or account deletion email? The email sample below shows an account lockout message which asks the user to click on the link, and ultimately log into a fake website. Again, always use caution with links. When in doubt, don’t click on them.
Have any questions? Please drop us a line anytime. We’re happy to help.