Analysis Tech

What is phishing?

Phishing. This term has been around the cyber-security space for quite some time now, but I still run across those who have no idea what it is. To put it simply: phishing is an attack that provides the target with a lure enticing enough to fall for whatever the bad guy is trying to pull off. This type of attack generally takes form via email and can range from tricking you into providing sensitive personal information to installing malware onto your computer.

The root of phishing is social engineering — the art of deception utilized to manipulate individuals to perform an action on behalf of the bad guy. Phishing started out socially, like pretending to be a security guard to gain access somewhere or to get an employee to verify something. With the advent of the internet, however, phishing has gained huge traction in the cyber world due to the low risk, high reward environment (chances of getting caught are slim if the bad guys do things correctly).

So what do we do?

I wish cyber security tools were better at blocking phishing emails, I really do. Working in the cyber realm has shown me how easy it is for phishing campaigns to get past all kinds of protections. Detecting phishing is still something that the human mind is much better at detecting than computers, but we need to be more vigilant.

We could talk about phishing all day, but there are a few things to keep in mind that should help you detect phishing threats:

  • Is the email from someone that you know? If not, don’t open the attachment or click any links unless you are confident that it’s legitimate. Check the sender address as well. If the email claims to be from your boss, Billy, take an extra second to check if it’s from billy@gmail.com rather than billy@mail.ru.
  • Does the subject or attachment make sense? If you don’t process invoices, please don’t open the random attachment named “invoice001.docx”. You will have a bad time. Subjects that are worded to scare or entice you into opening the email are generally doing so maliciously.
  • Does the email contain a link? If so, mouse over it. You’ll see an indication of where it’s going; if it’s any different than where it should be going (lkhskdhf.com rather than wellsfargo.com), then don’t click it!
  • Is the email out of the ordinary? Strange requests, grammatical failures, and spelling errors are all indicative of phishing. I’m not saying that you need to chastise your friend for typing “teh” instead of “the”, but it is common for criminal syndicates to run large phishing campaigns through translators (most phishing campaigns originate from non-English-speaking countries).

 

Images courtesy of Pixabay.

Please Login to comment
avatar
  Subscribe  
newest oldest most voted
Notify of
Miche
Member
Miche

HAHA! I clicked on the link to this article in my email (which I have done with many past Freq articles), and my account suddenly popped up with: “Suspicious link: This link leads to an untrusted site. Are you sure you want to proceed to thefreqmedia.com?” Apparently including the word “phishing” in the title makes you a suspect! Keep going with these articles, for real. I recently got an email with my username and password in the subject line, full of threats to publicly expose information copied from my computer unless I “compensated” the person via bitcoin. I usually roll… Read more »

Luke Ryan

I’ve seen some “threats” as well! Like, people threatening to release all sorts of information — as always, didn’t open it. trashed it. haha
And yeah, I think a lot of vulnerabilities a present in companies or individuals that can’t keep up with the rapidly changing times, leaving them open to exploitation. Gotta stay on the ball, which isn’t easy in the cyber world in this day and age.

Mic-Mac
Member
Mic-Mac

I get several phishing emails a week into my work emails. Our products are all custom, requiring specific details in regard to dimensions, heights, widths, angles, etc. When I get an email stating, “I need to order two of every product you sell” and need it expedited right away, I know it is a scam. Usually they will make it look like it is going to a military installation overseas, but the content is written so poorly, it is actually hysterical. The credit cards they are going to use to make the purchase are always stolen, and there is always… Read more »

%d bloggers like this: