Phishing: A new type of cyber crime

Phishing: A new type of cyber crime

There’s a new type of Internet piracy called “phishing.” It’s pronounced “fishing,” and that’s exactly what these thieves are doing: “fishing” for people’s personal financial information.

Phishing is a cyber-crime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get people to share valuable personal information – such as account numbers, Social Security numbers, or people’s login IDs and passwords. Scammers use anyone’s   information to steal their money or identity or both.

Types of phishing

That said, there are a variety of techniques that fall under the umbrella of phishing. Generally, a phishing campaign tries to get the victim to do one of two things:

-       Hand over sensitive information. These messages aim to trick the user into revealing important data — often a username and password that the attacker can use to breach a system or account. The classic version of this scam involves sending out an email tailored to look like a message from a major bank; by spamming out the message to millions of people, the attackers ensure that at least some of the recipients will be customers of that bank. The victim clicks on a link in the message and is taken to a malicious site designed to resemble the bank's webpage, and then hopefully enters their username and password. The attacker can now access the victim's account.

-       Download malware. Like a lot of spam, these types of phishing emails aim to get the victim to infect their own computer with malware. Often the messages are "soft targeted" — they might be sent to an HR staffer with an attachment that purports to be a job seeker's resume, for instance. These attachments are often .zip files, or Microsoft Office documents with malicious embedded code. The most common form of malicious code is ransomware — last year it was estimated that 93 percent of phishing emails contained ransomware attachments.

how phishing works?

In a typical case, users will receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as users’ financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies.

The e-mail will probably warn users of a serious problem that requires their immediate attention. It may use the phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The e-mail will then encourage users to click on a button to go to the institution’s Web site.

In either case, users may be asked to update their account information or to provide information for verification purposes: i.e., Social Security number, account number, password, and place of birth.

How to protect from phishing

 I.          Never provide personal information in response to an unsolicited request, whether it is over the phone or over the Internet.

II.          If it’s seems the contact may be legitimate, have contact the financial institution immediately. Users can find phone numbers and Web sites on the monthly statements they receive from the financial institution

III.          Never should not provide password over the phone or in response to an unsolicited Internet request. A financial institution would never ask users to verify their account information online.

IV.          Review account statements regularly to ensure all charges are correct.

Source: https://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/