
Phishing

Consider this your periodic reminder that phishing is a constant threat at home and in the office.

Phishing is a cybercrime where you are contacted by email, telephone, or text message by someone posing as a legitimate institution. The goal is to trick you into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords, or to install malware.

The information is then used to access your accounts to steal your money or your identity, or both. Sometimes it lets hackers into entire company systems to steal client information and hold data ransom.

Depending on the attack, it may only take one mistake on your part to seriously damage your or your employer’s finances and reputation.

“If you don’t understand viruses, phishing, and similar threats, you become more susceptible to them. If you don’t know how social networks leak information that you thought was private, you’re likely to reveal much more than you realize.”

Brian Kernighan, co-developer of Unix

Phishing usually involves links or attachments that seem legitimate but are dangerous. The emails or texts appear to be from established, trusted companies, or perhaps even someone you know. Phishers use threats, urgency, greed, and curiosity to get you to click on that link or download that file.

Some tips on identifying a phishing attack:

If the message makes an offer that seems too good to be true, it probably isn’t true. If it claims you won a smart phone or a trip or a car in a contest you don’t remember entering, it is probably a phishing attack. Don’t click on the link to learn more; just delete the message.

Phishers often use threats to make you act without thinking, such as saying your account will be closed. We used to get voicemail phishing messages warning that we’ll be reported to the “Chinese police” if we don’t respond. Another trick is to attach ridiculous deadlines to the threats, such as having to respond within one day.

Beware hyperlinks. The hyperlinked text might appear as a known organization, but if you hover over the link you’ll see that the actual URL is some complicated character string, or that the business name is misspelled, or some other odd variation. Don’t click on these links!

The same goes doubly for attachments. Malware could be hiding there, so if you see an attachment that you don’t expect or that doesn’t make sense, don’t open it.

Phishers will often use generic names, starting their email with something like “Hi, this is Joe,” since everyone knows at least one Joe, and then try to get you to download the cool picture “Joe” sent you.

Sometimes they will send you an email seemingly in error, perhaps addressed to someone named “Meghan”, with a link to claim some wonderful prize Meghan won. The idea is that your greed will entice you to take Meghan’s prize as your own, and you’ll click on the link. It won’t be a “prize” that you’ll want, however.

Other warning signs:

  • The email or text was sent to you and a group of people you don’t know
  • There are odd misspellings or strange grammar
  • The email claims to be responding to something you never sent
  • A company is asking for personal information via email; no legitimate company will do that
  • The email was apparently sent from someone you know but it is unusual or out of character
  • Generally anything about the message that is strange or makes you uneasy

When in doubt, do not interact with the email!