What are Phishing Attacks and How to Prevent Them
January 20, 2015
There has been a rise in the phishing industry lately. However these phisherman sport more sophisticated and advanced gear in their tackle box than the good ol’ worm and bobber.
Phishermen prowl for personal passwords, email addresses, credit card information, pin numbers and other forms of personal information that can lead to some form of money.
This type of phishing is not a leisurely sport. It can be harmful by leaving you financially compromised. I want to help you be able to spot them to keep them from damaging your personal information and life.
What is phishing?
As the ever trusty Wikipedia states,
“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.”
Phishing attacks are usually done by email or even entire websites. Hackers either send out mass emails asking for personal information such as social media site or banking passwords.
This information can also be gathered by phishermen through fake websites. The tell-tale sign of a phishing website is its URL. A phishing website will look very similar to the authentic website and the URL will usually only be off by one character. For instance, a PayPal could look like PayPa1. If you see this in your URL’s do not assume it is okay. Do not give payment information to the site you are on or enter your email/password.
Are there multiple forms of phishing?
When a hacker focuses all of their efforts towards a single company, institution, and individual, this is known as Spear phishing. Spear phishing is unlike regular phishing attacks in that the hacker devotes more hours in order to get what he/she wants from the target. This is a specific attack, but not as specific as the next form of phishing.
Whaling is a form of phishing in which the hacker targets a high up, well-off person. This type of phishing is only attempted on the more wealthy. Hackers spend large amounts of time collecting data about their target so that when they finally do send them an email, the subject line is more likely to be believable.
Should you worry about phishing attacks
Most people won’t have to worry about whaling, but college students and employees of big businesses may encounter spear phishing. It is important to know that colleges do not ask their students for their personal email information. Institutions may ask you to change the password of your email, but will never ask you for it unless you request it.
If you are working at a big business you can avoid falling into these traps if you receive an email about a Linkedin password as many people did this past week. Also, your job position can be targeted in general. Be cautious of emails asking for information from you about current or past job roles unless you verify the person’s identity.
Overall phishing attacks are relatively easy to keep safe from, but if you buy into one then you may have a problem and it might take you a while to realize what’s going on. The best action you can take for preventing attacks is to actively read emails and URL’s. If the email asks for passwords of any type or if a website URL looks off, delete or close the page.