Phishing

 

What is Phishing?

More than 200 billion e-mails are sent and received worldwide each day. That represents a lot of opportunity for phishing scams, in which scammers distribute e-mails that appear to come from legitimate organizations or individuals and try to entice the recipient into clicking on malicious links or attachments. Spear-phishing is a more targeted type of phishing in which a specific organization or person is the target. The typical goal of phishing attacks is to get the victim to give up sensitive information such as a Social Security number or financial information. Phishing is also used as a way for attackers to get inside an organization’s network for cyber espionage or other malicious activity.

Scammers will use spoofed e-mail addresses, phony websites with legitimate logos, or phone numbers for fake customer service centers that the scammers themselves operate. Last year phishing attacks cost organizations $4.5 billion in losses.

  • Spoofed e-mail: The e-mail appears to come from one address, but replies get sent to a different address.
  • Phony website: The website looks like the real website, but is actually owned by a criminal.
  • Phone 
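As an added illustration (not part of the original page), the spoofed e-mail pattern described above can be checked mechanically by comparing the domains in a message's From and Reply-To headers. The sample messages and their domains are constructed, and treating parent/subdomain pairs as the same sender is a simplifying assumption.

```python
from email import message_from_string, policy
from email.utils import getaddresses

def addr_domains(msg, header):
    """Return the lower-cased domains of every address in a header."""
    values = [str(v) for v in msg.get_all(header, [])]
    domains = set()
    for _name, addr in getaddresses(values):
        if "@" in addr:
            domains.add(addr.rsplit("@", 1)[1].lower().rstrip("."))
    return domains

def related(a, b):
    """Assumption: identical or parent/subdomain domains are one sender."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def reply_to_mismatch(raw):
    """Return Reply-To domains that are unrelated to every From domain."""
    msg = message_from_string(raw, policy=policy.default)
    from_domains = addr_domains(msg, "From")
    reply_domains = addr_domains(msg, "Reply-To")
    return sorted(r for r in reply_domains
                  if not any(related(r, f) for f in from_domains))

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Example Bank <support@examplebank.test>\n"
           "Reply-To: accounts@mailbox.example\n"
           "Subject: Urgent: confirm your account\n\n"
           "Please reply with your account details.\n")
LEGIT = ("From: Example Bank <support@examplebank.test>\n"
         "Reply-To: help@mail.examplebank.test\n"
         "Subject: Your monthly statement\n\n"
         "Your statement is ready.\n")
NO_REPLY_TO = ("From: Example Bank <support@examplebank.test>\n"
               "Subject: Notice\n\n"
               "No Reply-To header here.\n")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("legit", LEGIT),
                       ("no reply-to", NO_REPLY_TO)]:
        hits = reply_to_mismatch(raw)
        print(label, "->", "replies go to " + ", ".join(hits) if hits else "ok")
```

A mismatch is a signal to look closer, not proof of fraud, since some legitimate mailing services also set a different Reply-To address.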

Common Phishing Scams

When it comes to phishing, the best line of defense is you. If you pay attention to potential phishing traps and watch for telltale signs of a scam, you can minimize your risk of becoming a victim. Here are some scenarios you may encounter:

·         An e-mail appearing to be from a bank, credit card company, or other financial institution requests that you “confirm” your personal account information. Supposedly, your information has been lost, or your account is going to be closed, so it is “urgent” that you respond immediately.

·         A phony e-mail from the “fraud department” of a well-known company asks you to verify your information because they suspect you may be a victim of identity theft.

·         An e-mail may take advantage of a current event, such as the Anthem data breach, which scammers used to send phishing e-mails with malicious links for “free credit reporting.”

·         An e-mail claiming to be from a state lottery commission requests your banking information to deposit the “winnings” into your accounts.

·         A scammer pretends to have a large sum of money and needs “someone trustworthy” to help access it. The scammer promises to share the wealth in exchange for your help - specifically, your financial information.

 

Easy Tips to Protect Yourself from Phishing      

·         Do not send any sensitive personal information via e-mail. Legitimate organizations will not ask users to send information this way.

·         Visit banking or financial websites by typing the address into the address bar. Do not follow links embedded in an unsolicited e-mail.

·         Only open an e-mail attachment if you’re expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious files could be packed inside.

·         If you want to verify a suspicious e-mail, contact the organization directly, but don’t call the number provided in the e-mail.

·         Use discretion when posting personal information on social media. This information is a treasure trove for spear phishers, who will use it to create enticing phishing e-mails.

·         Use antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing e-mails.

·         Keep your Internet browser updated with the latest security patches.

 

For More Information

·         Anti-Phishing Working Group:  http://www.antiphishing.org

·         Internet Crime Complaint Center (IC3): https://www.ic3.gov/default.aspx

·         Federal Trade Commission: https://www.consumer.ftc.gov/articles/0003-phishing
