What is phishing?
Phishing, other than being a great word for fish-based puns, is basically any attempt to trick people over email, text messages, phone calls or a fake website. The goal can be anything from getting people to send money or hand over sensitive information to simply getting them to download malware unwittingly, and the authors of these attacks use lies, trickery, forgery and outright manipulation to make them succeed. Because of this, phishing is what we call social engineering: a kind of attack that relies on human fallibility rather than on a hardware or software flaw in order to work.
How does phishing work?
Typically, the victim receives an email or message in which the sender pretends to be a bank or another real company or organization. The message contains links to a fake website prepared by the criminals (made to look like the legitimate site) that asks the victim to enter personal data.
Phishing can also be carried out through other channels, including SMS (sometimes dubbed 'smishing'), VoIP ('vishing') or instant messaging on social networks.
Cybercriminals also try to alarm recipients with warnings and emergency alerts to stir them into action. The idea is to get users to act immediately without considering the potential risks.
How to identify a phishing message
Because the objectives of phishing emails are so varied, the "look" of each one is quite different too. While we'll look at a few examples, most of them share the same basic "attributes":
- Poor spelling/grammar
- Vagueness
- Strange links/attachments
- Unusual or misspelled return addresses
Unfortunately, these attributes aren't found in spear phishing emails, which are designed to fool specific people or organizations: they are neither vague nor marred by the poor spelling and grammar of the more common, mass-mailed phishing emails.
How to protect against phishing
- Don't click on links in suspicious or unexpected messages.
- Keep your computer's security up to date.
- Add a further layer of protection with a professional antivirus product.
- Enter confidential information on secure websites only: the address begins with "https://", meaning that the transfer protocol is secure, and a closed padlock symbol should appear in the browser. Note that https only protects the connection; a phishing site can show a padlock too, so still check that the domain name is the real one.
- Check your accounts frequently. It's always worth checking bills and bank accounts from time to time to see if there are any strange transactions.
- If you are not sure, don't take chances. The best advice on phishing is to encourage caution among all members of your organization, and to check the authenticity of any content if you have any suspicions whatsoever.