Phishing


Phishing - /'fiSHiNG/ - Phishing is an attempt by malicious actors, pretending to be a legitimate enterprise, to steal private information such as usernames and passwords, Social Security Numbers (SSN), dates of birth, and financial information.

The best way to protect yourself from phishing is to learn how to recognize a phish.


Is it a Phish?

Generic greeting. It might be a phishing email if, instead of using your name, the email contains a generic salutation like “Dear User.” Most companies, colleagues, or friends contacting you will use your name.

Forged link. It might be a phishing email if the link looks odd or not official. One tip is to hover your cursor over the link until a pop-up shows you where that link really takes you. If the link description in the email doesn’t match the pop-up destination, don’t click it. On mobile devices, holding your finger down on a link gets the same pop-up. An even safer step is to copy and then paste the URL from the email into your browser or type the correct link.

Requests personal information. It might be a phishing email if the email requests highly sensitive information, such as your credit card number or password.

Sense of urgency. It might be a phishing email if the email creates a sense of urgency, demanding “immediate action” before something bad happens, like closing your account. The attacker wants to rush you into making a mistake without thinking or verifying the request.

Suspicious sender. It might be a phishing email if the email says it comes from an official organization, but has poor grammar or spelling, or uses a personal email address like @gmail.com, @yahoo.com or @hotmail.com.

Suspicious message. It might be a phishing email if you receive a message from someone you know, but the tone or wording just does not sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cyber attacker to create an email that appears to be from a friend or coworker.

 

Why Are Cyber Criminals Phishing You?

Harvesting Information. The attacker’s goal is to harvest your personal information, such as your passwords, credit card numbers, or banking details. To do this, they email you a link that takes you to a website that appears legitimate. This website then asks you to provide your account information or personal data; however, the site is fake, and any information you enter goes directly to the attacker.

Malicious Links. The attacker’s goal is to infect or take control of your device. To do this, they send you an email with a link. If you click on the link, it takes you to a website that launches an attack on your device that, if successful, infects your system.

Malicious Attachments. The attacker’s goal is the same, to infect and take control of your device. But instead of a link, the attacker emails you an infected file, such as a Word document. Opening the attachment triggers the attack, potentially giving the attacker control of your system.

Scams. Some phishing emails are nothing more than scams by con artists who have gone digital. They try to fool you by saying you won the lottery, pretending to be a charity needing donations or asking for your help to move millions of dollars. If you respond to any of these, they will say they first need payment for their services or access to your bank account, scamming you out of your money.

 

Cyber Security Resources

For more information on protecting yourself and your personal information, check out the following websites:

Department of Homeland Security

Federal Trade Commission

U.S. Computer Emergency Readiness Team

U.S. Securities and Exchange Commission

Keeping Children Safe Online (US-CERT)