Phishing 101

Internet Crooks are Phishing for You!

Phishing (pronounced fish-ing) is a tactic used by faceless criminals to obtain your money or information. These Internet miscreants are "fishing" for your personal information with the hope of using it for their own gain. They can use your personal information to steal your identity, create credit cards in your name, access your bank accounts, read your e-mails, or even lock you out of your e-mail account so that you cannot monitor their activity.

There are many types of phishing scams, many of which are too technical to cover in this short blog post. We will focus on Deceptive Phishing, or E-Mail Phishing. We see quite a bit of it taking place and it requires you to be ignorant of the tactics. So, we feel that this information is most beneficial. Much of the network news that describes fake e-mails from Paypal, UPS, FedEx, eBay, Amazon, etc. are covering what are considered Deceptive Phishing scams.

 

The Anatomy of a Phishing E-Mail

An actual Phishing E-Mail that appears to come from Amazon

Phishing E-mail Warning Signs

If you receive an email from a website or company asking you to provide confidential information, you might be a target. The tips below can help you defend yourself.

Unofficial Sender

Look out for a sender's email address that is similar to, but not the same as, a company's official email address. It is common for these Internet perpetrators to sign up for free e-mail accounts using company names in them (such as "PaypalSuppport@gmail.com"). These email addresses are meant to trick you! Do not be fooled! Legitimate company e-mails from these companies will typically come from their website domain, such as support@paypal.com. One tip is to hit Reply so you can clearly see to whom you would be communicating.

Urgency

Lawless offenders often include "calls to action" to prompt a reaction. Be wary of e-mails containing phrases like "your account will be terminated," "your account has been compromised," or "immediate action required." The thief is taking advantage of your concern to trick you into providing your information.

Faux Websites

To trick you into disclosing your information, cyber hoodlums often include a link to a fake web pages that can look exactly like the legitimate web site. These are called "spoofed" sites. Just because a website includes a company logo or looks legitimate does not mean it is. Logos and the appearance of legitimate web sites are easy for skilled suspects to copy.

Legitimate content mixed in

Crafty villains can include authentic links in their spoofed pages, such as to the actual privacy policy or terms of service for the site they're using. These authentic links are mixed in with poisoned links in order to make the spoof site appear more realistic.

Here are more indicators that an e-mail might not be legitimate:

  • • Spelling errors, poor grammar, or low resolution images
  • • Requests for personal information such as your password, Social Security number, bank account, or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email
  • • Attachments (which might contain viruses or keystroke loggers, which record what you type). It is a great defense to refrain from clicking on unauthenticated attachments (contact the supposed sender directly)

 

Would you like more tech news more often? Follow us on Facebook!

Comments are closed.