What is Phishing?

If you have ever gone fishing, it is fairly easy to understand the concept of phishing. When you are fishing, you are tossing a line into a pool of water. Attached to that line is a hook holding something that will look tasty enough to your “catch” for it to bite on and get reeled in.

Phishing is the same concept. An individual who is looking to “catch” personal or financial information from an unsuspecting subject casts a line (sends an email) to a large pool of email addresses. Attached to that line is a “baited hook”, usually a legitimate-looking notice bearing the name of a generally well-known business or web site. That baited hook will usually indicate that, in reviewing your account or recent request, they have discovered a potential problem that you need to address. The hook will generally include a link for you to click on to resolve the issue. As extra incentive for you to “bite”, they will often include a threat stating that if you do not follow through, your account will be blocked, frozen, or may be compromised.

A phishing email may look something like this:

Clicking on the link is the action that will deliver you, and your personal data, into the hands of the “phisherman”. The provided link may direct you to a site designed to gather your personal information or it may allow the downloading of malicious software designed to give the perpetrator access to your credit card numbers or other information for the purpose of identity theft.

Phishing emails can be recognized in a number of ways. Most emails sent from legitimate sources, especially in reference to an issue with your account, will address you by name, not “Dear Customer”. If the email contains spelling and grammatical errors, you can be fairly sure it is not from a reliable source, since businesses have staff who review documents for errors before they are sent. If you rest your mouse cursor over the link in the email (don’t click it), a box will appear with the address that you are being directed to. If the link in the email does not match the address in the box or directs you to an .exe file, beware. Phishing messages can mask the actual destination of the link with a web address that looks genuine.
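The hover check described above can also be done automatically on the HTML body of a message. The following is an added example, not part of the original article: the names `LinkAuditor`, `host_of` and `audit_links` are hypothetical, and the sample message and its domains are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

class LinkAuditor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

# Visible link text that itself looks like a web address.
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

def host_of(url):
    # urlsplit only fills in the hostname when "//" precedes it.
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def audit_links(html):
    """Return (text, href, reasons) for links showing the article's warning signs."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        if URL_LIKE.match(text) and host_of(text) != host_of(href):
            reasons.append("displayed address does not match destination")
        if urlsplit(href).path.lower().endswith(".exe"):
            reasons.append("destination is an .exe file")
        if reasons:
            findings.append((text, href, reasons))
    return findings

# Constructed sample message using reserved, non-routable domains.
SAMPLE = (
    '<p>Dear Customer, <a href="http://account-check.invalid/verify">'
    'https://www.examplebank.example/login</a> or get the '
    '<a href="http://files.invalid/viewer.exe">statement viewer</a>. '
    '<a href="https://www.examplebank.example/help">www.examplebank.example/help</a></p>'
)

if __name__ == "__main__":
    for text, href, reasons in audit_links(SAMPLE):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

The third link in the sample is not reported because its displayed address and its destination share the same host.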

Although spam blockers, firewalls, and anti-virus software can provide a measure of security against phishing, nothing is 100% effective 100% of the time. It is important to monitor and update software regularly. It is critical to regard all unsolicited email with suspicion and never click on an emailed link or attachment unless you are sure that it came from a reliable source.

For more information please contact us at 757.628.8324.
