The first question you are probably going to ask is "What is phishing?". Phishing is a form of social engineering, and like all social engineering it is designed to make you reveal or give up important information. Someone performing a phishing attack will use channels such as instant messages or, more commonly, email. The attacker crafts a message that looks like it came from a well-known company that you might have done (or actually do) business with. These messages will appear very authentic and often say one of the following:
The attacker will use graphics and logos lifted from real emails that the company normally sends out; in fact the message may look identical to the real thing, making it even harder for you to spot it as a fake.
Clicking on the links in these kinds of messages will take you to a site that is controlled by the attacker and looks identical to the actual company's website. There you would unknowingly hand over the information they are after, such as credit card numbers, account names, passwords, social security numbers, and other information you would normally protect. You give this information up so willingly because it looks like you are giving it to a company you trust with it, when in reality the attacker has tricked you into giving it to them.
So now you are probably asking "How do I spot one of these fake emails?". There are various ways to spot a fake, some more sophisticated than others, some simpler.
If you get an email with one or more of those characteristics, chances are that it is a fake. If you do not want to take the chance that it might be real, contact the company directly by telephone, or by manually typing their website address into your browser (do not use the links that were in the email, as they may be fake). There are other things you can do to protect yourself from these messages:
The most important thing to remember is that if you are not sure whether the email or message is legitimate, err on the side of caution. Contact the company to verify that they did send it to you. Just as with any other social engineering, if you did not initiate the communication, chances are someone is trying to pull something on you.