Phishing: A new type of cyber crime
There’s a new type of Internet piracy called “phishing.” It’s pronounced
“fishing,” and that’s exactly what these thieves are doing: “fishing” for
people’s personal financial information.
Phishing is a cyber-crime in which a target or targets are contacted by email,
telephone or text message by someone posing as a legitimate institution to lure
individuals into providing sensitive data such as personally identifiable
information, banking and credit card details, and passwords.
Phishing is when a scammer uses fraudulent emails, texts, or copycat websites
to get people to share valuable personal information, such as account numbers,
Social Security numbers, or login IDs and passwords. Scammers use this
information to steal people's money, their identity, or both.
Types of phishing
A variety of techniques fall under the umbrella of phishing. Generally, a
phishing campaign tries to get the victim to do one of two things:
- Hand over sensitive information. These messages aim to trick the user into
  revealing important data, often a username and password that the attacker
  can use to breach a system or account. The classic version of this scam
  involves sending out an email tailored to look like a message from a major
  bank; by spamming out the message to millions of people, the attackers
  ensure that at least some of the recipients will be customers of that bank.
  The victim clicks on a link in the message and is taken to a malicious site
  designed to resemble the bank's webpage, where the attacker hopes they will
  enter their username and password. The attacker can now access the victim's
  account.
- Download malware. Like a lot of spam, these types of phishing emails aim to
  get the victim to infect their own computer with malware. Often the messages
  are "soft targeted": they might be sent to an HR staffer with an attachment
  that purports to be a job seeker's resume, for instance. These attachments
  are often .zip files, or Microsoft Office documents with malicious embedded
  code. The most common form of malicious code is ransomware; last year it was
  estimated that 93 percent of phishing emails contained ransomware
  attachments.
How phishing works
In a typical case, users will receive an e-mail that appears to come from a
reputable company that they recognize and do business with, such as their
financial institution. In some cases, the e-mail may appear to come from a
government agency, including one of the federal financial institution
regulatory agencies.
The e-mail will probably warn users of a serious problem that requires their
immediate attention. It may use phrases such as “Immediate attention required,”
or “Please contact us immediately about your account.” The e-mail will then
encourage users to click on a button to go to the institution’s Web site.
In either case, users may be asked to update their account information or to
provide information for verification purposes, i.e., Social Security number,
account number, password, and place of birth.
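The warning signs described above can be checked mechanically when triaging a reported message. The following is an added example, not part of the original article: the phrase lists, the attachment extensions, the function name and the `.example` domains are assumptions chosen to mirror the traits the article names, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicator lists are assumptions modelled on the traits this article describes.
PHRASES = {
    "urgency": ("immediate attention required", "contact us immediately"),
    "asks-for-sensitive-data": ("social security number", "account number",
                                "password", "place of birth"),
}
RISKY_EXT = (".zip", ".doc", ".docm", ".xls", ".xlsm")

# Constructed sample message (not a real email); every domain is a placeholder.
SAMPLE = """\
From: "Example Bank" <alerts@examplebank.example>
Subject: Immediate attention required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please contact us immediately about your account.
Confirm your password and account number at
http://examplebank.example.login-check.example/verify
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"

(constructed placeholder, no real archive)
--b1--
"""

def phishing_indicators(raw):
    """Return a sorted list of the article's warning signs found in one raw message."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found, body = set(), msg.get("Subject", "") + "\n"
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            found.add("risky-attachment")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    text = " ".join(body.lower().split())
    found |= {label for label, ps in PHRASES.items() if any(p in text for p in ps)}
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if sender_domain and host not in ("", sender_domain) and not host.endswith("." + sender_domain):
            found.add("link-domain-mismatch")  # link leads somewhere other than the claimed sender
    return sorted(found)
```

The link in the sample starts with the bank's name but actually belongs to a different registered domain, which is why the host is compared by suffix rather than by substring. The From header is easy to forge, so a clean result does not prove a message is genuine.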
How to protect yourself from phishing
I. Never provide personal information in response to an unsolicited request,
   whether it is over the phone or over the Internet.
II. If it seems the contact may be legitimate, contact the financial
   institution immediately. Users can find phone numbers and Web sites on the
   monthly statements they receive from the financial institution.
III. Never provide a password over the phone or in response to an unsolicited
   Internet request. A financial institution would never ask users to verify
   their account information online.
IV. Review account statements regularly to ensure all charges are correct.
Source: https://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/