What is Phishing

Written By Mani Haghighi
email phishing, email scam

Every day, email inboxes fill up with annoying, unwanted messages. However, some of these junk messages are malicious/ phishing attacks. By using phishing emails, texts, or social media posts that lead to phishing sites, fraudsters attempt to deceive you into revealing your personal and sensitive information – bank account numbers, credit card info, Social Security number, or login IDs, usernames, and passwords. Once obtained, they use your credentials to steal your money, your identity, or both.

How does it work?

You get a legitimate-looking email with the subject line. For instance: “Your Amazon order confirmation.” This message is often referred to as a ‘lure,’ because it is disguised to trick you into taking the bait. Whether you recently ordered something from Amazon or not, you open the email. Inside, the message encourages you to follow a link entitled Your Account, but you aren’t paying attention when the link opens automatically in your browser.

Other phishing attacks target businesses. For example, an employee may receive phishing emails from imposters posing as a C-level executive within their organization. If an employee follows the email’s instructions, the phishers could gain illegal access to the company’s data. This is especially easy if an employee provides their login credentials. After tricking an employee into giving their login and password, the cybercriminals then have full cntrol over the company’s systems. Phishers could also pose as a bank or another financial institution that the company doesn’t hold accounts with. In this case, an employee who falls for a scam sends money directly to the phishers.

In a nutshell, phishing starts with fraudulent communication via email, text messages, or social media. A message appears to be from a trusted source like your bank, an e-commerce site, the IRS, G Drive, UPS, FedEx, or any number of others, but it isn’t.

Follow these tips to avoid phishing and scams and stay safe.

Repairing the damage caused by phishing can be frustrating, time-consuming, and expensive. Following a few basic safety rules is much easier:

  • Do not click any links or download any attachments in suspicious emails. Instead, open your web browser and go to the website by entering it in the address bar.

  • Alternate Internet Explorer with other browsers.

  • Use antivirus and firewall solutions, and keep them up to date.

  • Always use a secure website (HTTPS) and check the digital certificates.

  • check your accounts and statements regularly, and report any suspicious activity immediately.

  • Report suspicious emails to security companies and local authorities.

Mani Haghighi
Previous

The Hidden Dangers of Public Wi-Fi

Next

What is Network Infrastructure Security?