September 2024
Put simply, phishing refers to the act of trying to get personal information under false pretenses. Phishers who initiate these attacks may try to get usernames, passwords, bank account information, credit card details, and more from their victims ultimately resulting in identity theft.
Phishing attacks usually occur through an e-mail, although it could occur through a text message or phone call as well. The message looks like it’s from a legitimate source, often appearing to come from a place the victim recognizes, like their bank, credit card company, or even a social network site. Thinking the source is legitimate, the victim will then answer questions or enter information that gives the phishers their personal details.
The crude, poorly formatted phishing emails of a few years ago have largely been replaced with professionally designed phishing attacks that are hard to distinguish from legitimate messages without careful examination.
In a new variation known as “spear-phishing,” hackers will research a target — usually a business executive or someone with a high net worth — to learn personal details or the names of connections to help legitimize their attack messages. Several financial executives, for instance, have been fooled by spear-phishing attacks that purported to be urgent requests from those executives’ bosses.
Understanding that these types of attacks occur allows you to be on the lookout for them. Here are a few specific tips for recognizing a phishing attempt:
- Legitimate businesses or financial institutions will never ask you for your personal information by e-mail, text message or phone call.
- Phishers often use scare tactics and emotional language to intimidate their victims into responding. For example, “you need to respond now or we will put your account on hold.”
- Phishing messages often have spelling and grammar mistakes. While reputable organizations proofread carefully, phishers do not.
- Links in phishing messages may be not quite right. For example, an O being replaced with a zero or additional text at the beginning or end. Before you click on a link, hover over the text to see where it is pointing.
If you think you’ve received an e-mail that’s an attempt to get your information, you could just delete it. However, if you’re concerned that it could be legitimate, your best option is to contact the company directly through other means. For example, if you receive an e-mail that looks like it’s from your bank, but you’re not sure, call the number on your statement. That way you’ll be sure the person on the other end is who they say they are. It is better to be safe than sorry when it comes to your security.
Watch for the #BanksNeverAskThat campaign coming out in October! Test your cybersecurity knowledge and learn all the ways to protect yourself and your personal data.