Wikipedia defines fishing as “the activity of trying to catch a fish.” It also defines phishing as “the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication.” Let’s talk more about phishing.
What is Phishing? Phishing is a cyber-crime. The criminal poses as a legitimate institution and typically contacts targets by e-mail (although telephone or text message can also be used). The goal is to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. A successful phishing attack can have devastating results for the victims.
How a Phishing Scam can Work: An attacker sends out thousands of fraudulent messages in an attempt to acquire valuable information or large sums of money. The fraudulent messages are designed to look like real messages. It’s essentially a numbers game: even if only a small percentage of recipients fall for the scam, the reward can be substantial.
As a made-up example, an attacker targets alumni of a university, asking for donations. The message contains the university’s logo, names real school programs, and appears to be sent from the alumni director, a dean, or even the school president.
The attacker even uses an e-mail address that looks like the real one. The message then directs you to a phony website that mimics your university’s website, with logos and other information likely copied from the real site. While your university’s real website address might be “university.edu/alumni,” the phony website address might look like “university.edualumni.com.” The difference is that the real address is a page on the domain university.edu, whereas the phony one is a site on the unrelated domain edualumni.com. At first glance, some people will be fooled.
How to Protect Yourself from Phishing: Vigilance is important. Keep your operating system, anti-spam and anti-malware programs current with all updates. This will help block some phishing attacks, and can also block automated attempts to access your system.
Phony messages often contain subtle differences or mistakes. In addition to the website address difference described above, they may show a phony physical address, a phony e-mail address, or even simple spelling mistakes.
Be wary of tight deadlines or even threats. If the message says you must pay quickly, pay a fine, or send cash, it may not be a legitimate message.
Such messages sometimes don’t address you by name (e.g., “Dear Sir/Madam”). A legitimate message from an organization that knows you will likely address you personally.
When asked to pay online, make sure you are using a secure website. Secure website addresses start with “https”, not “http”; the “s” means the connection between the browser and server is encrypted. A phishing website may not have SSL/TLS configured. Keep in mind that https only protects the connection; it does not by itself prove that the site belongs to who it claims, so still check that the address is the one you expect.
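The two checks described above, the look-alike address in the university example and the https requirement, can be put into a small script a reader can run against a link before visiting it. This is an added example, not code from the article or its author; the expected domain “university.edu” is the article’s made-up value, and the two-label “registrable domain” rule is a simplification (real code should consult the Public Suffix List).

```python
from urllib.parse import urlsplit

# Constructed value: the made-up university from the article's example.
EXPECTED_DOMAIN = "university.edu"


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of a hostname, e.g. 'alumni.university.edu' -> 'university.edu'.

    Simplification: a real tool should use the Public Suffix List so that names such as
    'example.co.uk' are handled; two labels are enough for the .edu/.com names used here.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_link(url: str, expected_domain: str = EXPECTED_DOMAIN) -> list:
    """Return a list of warnings for a link a message asks you to visit; [] means it passed.

    The checks mirror the article's advice: the connection should use https, and the host
    should be the expected domain (or a subdomain of it), not a look-alike.
    """
    warnings = []
    if "://" not in url:
        # A bare name like 'university.edualumni.com' has no scheme; assume unencrypted http.
        url = "http://" + url
    parts = urlsplit(url)

    if parts.scheme.lower() != "https":
        warnings.append("link does not use https")

    host = parts.hostname
    if not host:
        warnings.append("link has no host name")
        return warnings

    actual = registrable_domain(host)
    if actual != expected_domain.lower():
        warnings.append("host %s belongs to %s, not %s" % (host, actual, expected_domain))
        # The article's case: 'university.edualumni.com' contains the letters of
        # 'university.edu' but is really a site under edualumni.com.
        if expected_domain.replace(".", "") in host.replace(".", ""):
            warnings.append("host %s is a look-alike of %s" % (host, expected_domain))
    return warnings


if __name__ == "__main__":
    # Constructed sample links: the real page, its http variant, and the phony address.
    for link in ("https://university.edu/alumni",
                 "http://university.edu/alumni",
                 "university.edualumni.com"):
        print(link, "->", check_link(link) or "OK")
```

A genuine subdomain such as alumni.university.edu passes, because it is registered under the expected domain; the phony address fails both the domain check and, without https, the encryption check.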
Always make sure you know and trust the person or entity that sends you an e-mail. By exercising a little caution and attentiveness, you can avoid the dangers and problems from a phishing attack.
David Schuchman is the founder of Princeton Technology Advisors and executive chair of the Professional Service Group of Mercer County. Visit www.princetontechadvisors.com or www.psgofmercercounty.org.