In today’s digital world, so much of what we do, whether business or pleasure, can be found online. However, with the increase in online activity, cybercrime has risen as well, and one of the most dangerous scams out there is phishing.
What is phishing?
Phishing, as defined by the Federal Deposit Insurance Corporation (FDIC), “refers to a scam that encompasses fraudulently obtaining and using an individual’s personal or financial information.” The scam works when a scammer, whether an individual or an organization, sends out an email that appears to be from a trusted source, such as a bank or government organization.
The email gives the recipient a reason to “verify” his or her information by clicking a direct link that is provided in the email. The link and the website it leads to appear to belong to the same trusted source that “sent” the email; in reality, both belong to the scammer. Once you click the link and enter your information, such as your Social Security number or credit card information, it is sent to the scammers, who will then use it for their own purposes.
Why is it dangerous?
Phishing is one of the most dangerous forms of cybercrime because, for the most part, it can’t be detected by regular antivirus software. Phishing scammers don’t need to infect your computer with a virus in order to obtain your information, because you will willingly give it up by following the link provided in the email.
Once the individual or organization behind the phishing scam has your personal information, you are in danger of falling victim to identity theft, which has serious consequences for your financial stability and credit.
How can you prevent it?
One option for preventing phishing is to purchase and install anti-phishing software; these programs scan emails and messages to look for suspicious wording and clear signs of phishing. With so many new and sophisticated scams continuing to arise, however, our next tip is vital.
Know the signs and avoid clicking on links in emails that seem as if they may be from a malicious source. According to Microsoft, one hallmark of phishing scams is the tendency to spoof a popular or trusted company, one that most users won’t think twice about giving their personal information to.
Some are easy to detect, while many are getting more sophisticated.
Another sign is that a link will be provided and written out directly in the email; when you hover over the link with your mouse, you will be able to see that it does not actually lead to the site that it promises, but instead to a malicious scam website. This can be very tricky to spot. For example, yourcompanyworkplace.com could be disguised as yourcompanyvvorkplace.com. Did you catch it? The “w” in the first URL is two “v”s in the second URL. This is an example of how an attacker will disguise phishing websites to look like legitimate sources.
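The two signs described above (link text that names a different site than the link actually goes to, and a look-alike spelling such as "vv" for "w") can be checked automatically. This is an added Python example, not part of the original article; the trusted-domain list, the look-alike pairs and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"yourcompanyworkplace.com"}  # assumption: the organisation's real domains
LOOKALIKES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]  # illustrative only

def host_of(text):
    """Lower-cased host of a URL or bare domain; '' when text is neither."""
    if "." not in text.strip(".") or " " in text:
        return ""
    return urlparse(text if "://" in text else "http://" + text).hostname or ""

def skeleton(host):  # fold look-alike sequences so similar-looking hosts compare equal
    for fake, real in LOOKALIKES:
        host = host.replace(fake, real)
    return host

class LinkCollector(HTMLParser):  # gathers [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def check_links(html):
    """Return (href, reason) for each link showing one of the two signs."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href.strip()), host_of(text.strip())
        if shown and shown != target:
            findings.append((href, f"text shows {shown} but link goes to {target}"))
        if any(target != g and skeleton(target) == skeleton(g) for g in TRUSTED):
            findings.append((href, f"{target} imitates a trusted domain"))
    return findings

SAMPLE = (  # constructed message body, not taken from a real email
    '<a href="http://yourcompanyvvorkplace.com/verify">verify your account</a> '
    '<a href="http://login.example.net/">yourcompanyworkplace.com</a> '
    '<a href="https://yourcompanyworkplace.com/help">yourcompanyworkplace.com</a>')
print(check_links(SAMPLE))
```

The first two links in the sample are reported and the third, which really points where it says, is not.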
To learn more about how to prevent phishing scams, one option is to have your business or organization’s employees trained to recognize the signs. For example, Global Learning Systems offers a comprehensive course in anti-phishing so that you and your organization will be prepared to face and avoid phishing scams. We also offer simulated exploit tests to assess how your employees would respond to various attack vectors. You want to ensure your employees recognize and report such attacks to keep their personal and your organizational information secure.
Another great resource for staying aware of recent breaches and security threats is http://www.privacyrights.org.