Phishing (pronounced 'fishing') simply means fishing for information, usually sensitive or valuable information such as credit card details.
- Phishing is a form of social engineering, a technique where cyber attackers attempt to fool a person into disclosing sensitive information.
- These attacks often begin with a cyber criminal sending you an email pretending to be from someone you know or trust. The email tries to get you to act by:
  - Clicking on a link
  - Opening an attachment
  - Giving out sensitive information
Characteristics of phishing emails
- Generic greeting: Phishing emails are sent in large batches, so internet criminals use generic names.
- Forged link: Roll your mouse over the link sent and see if it matches what appears in the email. If there is a discrepancy, don't click on the link. Safe websites to enter personal information usually begin with "https"; the "s" stands for secure. If you don't see "https", do not proceed.
- Requests personal information: If you receive an email requesting your personal information, it is probably a phishing attempt.
- Sense of urgency: Attackers do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.
Aim of phishing emails
Harvesting information: You are fooled into clicking on a link which leads to a website asking for sensitive information (such as your login and password, credit card or ATM number). The website looks legitimate, with the same look, imagery and feel as your online bank or store.
Infecting your computer with malicious links: If you click on the link, you may be directed to a website that silently launches an attack against your computer and, if successful, infects the system.
Infecting your computer with malicious attachments: These are emails with malicious attachments, such as infected PDF files or Microsoft Office documents. If you open these attachments, they attack your computer and, if successful, give the attacker complete control.
Scams: These are attempts by criminals to defraud you. Examples include notices that you’ve won the lottery, charities requesting donations after a recent disaster, or a dignitary who needs to transfer millions of dollars into your country and would like to pay you to help with the transfer.
Protecting Yourself
Do not click on links indiscriminately. Hover your mouse over the link. This will show you the true destination where you would go if you actually clicked on it. If the true destination of the link is different than what is shown in the email, this may be an indication of fraud.
Be suspicious of email attachments and only open those mails that you are expecting.
If something seems suspicious or too good to be true, it is most likely an attack. Simply delete the email.
If you get a suspicious email from a trusted colleague or friend, call them to confirm that they sent it. Always use a telephone number that you already know or can independently verify, NOT one that was included in the mail. The person’s computer may have been infected or their account may have been compromised, and malware may be sending the email to all of your friend’s contacts. Beware!!!
