Phishing - /'fiSHiNG/ - Phishing is an attempt to deceive people in order to steal information from them. It primarily happens via email, but people can also get phished via telephone or text message. Phishing is a form of social engineering. Social engineering is the use of deception to manipulate individuals into revealing personal information that may be used to commit a crime.
The best way to protect yourself from phishing is to learn how to recognize when someone is phishing you.
Is it a Phish?
Suspicious sender. It might be a phishing email if the email says it comes from an official organization, but has poor grammar or spelling, or uses a personal email address like @gmail.com, @yahoo.com or @hotmail.com. If you can, you should try to confirm the legitimacy of the sender's email address.
Sense of urgency. It might be a phishing email if the email creates a sense of urgency, demanding “immediate action” before something bad happens, like closing your account. The attacker wants to rush you into making a mistake without thinking or verifying the request.
Generic greeting. It might be a phishing email if, instead of using your name, the email contains a generic salutation like “Dear User.” Most companies, colleagues, or friends contacting you will use your name.
Suspicious message. It might be a phishing email if you receive a message from someone you know, but the tone or wording just does not sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cyber attacker to create an email that appears to be from a friend or coworker.
Forged link. It might be a phishing email if the link looks odd or not official. One tip is to hover your cursor over the link until a pop-up shows you where that link really takes you. If the link description in the email doesn’t match the pop-up destination, don’t click it. On mobile devices, holding your finger down on a link gets the same pop-up. An even safer step is to type the website address in your internet browser.
Requests personal information. It might be a phishing email if the email requests highly sensitive information, such as your credit card number or password.
Why Are Cyber Criminals Phishing You?
Harvesting Information. The cyber criminal's goal is to harvest your personal information, such as your passwords, credit card numbers, or banking details. To do this, they email you a link that takes you to a website that appears legitimate. This website then asks you to provide your account information or personal data; however, the site is fake, and any information you enter goes directly to the attacker.
Malicious Links: The attacker’s goal is to infect or take control of your device. To do this, they send you an email with a link. If you click on the link, it takes you to a website that launches an attack on your device that, if successful, infects your system.
Malicious Attachments: The attacker’s goal is the same, to infect and take control of your device. But instead of a link, the attacker emails you an infected file, such as a Word document. Opening the attachment triggers the attack, potentially giving the attacker control of your system.
Scams: Some phishing emails are nothing more than scams by con artists who have gone digital. They try to fool you by saying you won the lottery, pretending to be a charity needing donations, or asking for your help to move millions of dollars. If you respond to any of these, they will say they first need payment for their services or access to your bank account, scamming you out of your money.
Cyber Security Resources
For more information on protecting yourself and your personal information, check out the following websites:
Department of Homeland Security
U.S. Computer Emergency Readiness Team
U.S. Securities and Exchange Commission
Keeping Children Safe Online (US-CERT)