Phishing is a kind of wire fraud that attempts to illegally obtain information through electronic communication. It’s mostly commonly associated with email but can be committed by telephone or text message as well. The sensitive details can range from usernames and passwords, to bank information and credit card numbers. Phishing is a homophone of fishing and so cheekily named because both acts involve bait and a victim.
Phishing attempts often have a manipulative component called social engineering. Sometimes, although you are the target of the cybercrime, you may not be the target of the social engineering itself. An unscrupulous attacker may skim your online presence including blogs, video and social media accounts to glean information that is commonly used as security questions. The attacker may then call your bank and impersonate you and use whatever information they have pulled from various sources (including you) and gain access to your account.
In their attempts to manipulate you, phishing attempts generally try to solicit information while appearing as an authority. They will use seemingly official emails, email addresses, websites and robocalls to trick you into giving up this information. Common phishing tactics include:
• A Nigerian prince asking for your bank information in exchange for a handsome reward
• An email that looks like it’s from an official source (but maybe also looks a little off), telling you that you need to change your password or log in to verify your identity.
• A phone call telling you that the IRS has issued a warrant for your arrest
• An innocuous looking email attachment that you didn’t request
The Consequences of Phishing
Although phishing has existed for nearly as long as electronic communication has existed, it’s in recent years that phishing has become increasingly sophisticated and devastating. The tactics are diverse and can confuse even the most careful targets. Spear phishing, for instance, is a brand of highly targeted phishing. The attack may be aimed at a specific company, or just one high profile individual within that company. And believe it or not, these attacks are wildly successful: 91% of attacks begin with a spear phishing campaign according to Trend Micro.
The consequences of falling victim to phishing could mean being locked out of your accounts, funds drained from your credit cards or bank, losing access to other accounts that share the same password and possibly future attempts at identity theft. For businesses, all these issues are magnified and impact customers as well. It’s your job to ensure the security of your business for not only your sake, but also your clients.
How to Protect Yourself From Phishing Scams
To reduce the likelihood of becoming a victim of a phishing scam:
• Look carefully at incoming email addresses and confirm they are authentic
• Hover your cursor (but don’t click!) on links you’re not sure about to see what website they go to
• Don’t immediately open attachments you didn’t ask for
• If a strange email came from someone you know, confirm with them outside of email
• If you get an unsolicited email to change a password, access the website by typing in the URL yourself and manually change the password. Don’t click any links in the email.
• Utilize anti-spam and call filtering software
I-M Technology specializes in protecting organizations from phishing attempts. We have training and policy implementation working in conjunction with power software solutions to best protect you, your business and your clients.
Don’t Get Caught
Want to learn more about how to stay off the phishing hook? Fill out this form to get our FREE SecureIT fact sheet from I-M Technology sent straight to your email to learn more.