Phishing occurs when hackers attempt to obtain sensitive information such as passwords or credit card details by pretending to be a reputable organisation via electronic communication channels. The hackers craft these emails so that they appear to come from a legitimate organisation, fooling the victim into trusting the email. The email contains links that direct the victim to a website created by the hacker that spoofs the legitimate site. The only noticeable difference between the two web pages may be the URL, which unwary victims may not spot.
How does phishing work?
At the fake website, the hacker tricks the victim into entering their login details as if they were logging in as usual. Sometimes, the hacker (often called a “phisher”) asks for more information, such as address, phone number, social security number, or credit card number. Once the victim “logs in”, the phisher harvests these credentials. They can then use these credentials to log into the victim’s account on the real website and steal further information.
In some cases, phishers may search for background information on their victim to make the scam seem more convincing. They may use social networks to find out their place of employment, their leisure activities, and email addresses. This information may be used by the phisher to choose what organisation to spoof and convince the victim that the phisher is part of a legitimate organisation of which they are already a customer.
What do phishing emails look like?
There are some obvious signs of a phishing email: it is poorly written, asks for personal information very directly, and contains no clear indicators that it is from a legitimate company. However, as public awareness increases, phishers are becoming increasingly wily with their emails. Phishers depend on individuals being fooled by their emails. Hackers can make their attempts more convincing by including logos, signature graphics, and background data collected from internet searches of their victim. By including more detail, the hacker can fool the victim into thinking the real corporation is contacting them.
How can you avoid being “phished”?
Education is vital when avoiding phishing scams; the techniques mentioned above are only a brief overview of the nature of these emails. Hackers are creating ever more complex scams, so further measures may need to be put in place to avoid adverse outcomes.
Technical safeguards are available to help block phishing attempts. Users can install gateway filters such that mass-targeted phishing emails are blocked and the number of scam emails reaching a user’s inbox is reduced. In the event of an email making it through these filters, installing a web security gateway can prevent users from reaching the target of the malicious link should it be clicked on. These web security gateways work by checking the URL of the destination site against an expanding database of sites suspected of distributing malware.
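As an added illustration (not part of the original article, and not any gateway product's code), the sketch below shows the kind of destination check described above: reduce a link to the hostname the browser would actually contact, then look it and its parent domains up in a list of suspect sites. The blocklist entries, sample URLs and function names are constructed for this example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed entries on reserved .test/.example names, standing in for the
# gateway's database of suspect sites.
BLOCKLIST = {"login-bank.test", "malware-cdn.example"}


def normalize_host(url: str) -> Optional[str]:
    """Return the hostname a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname is already lowercased, with any "user@" prefix and ":port" removed.
    host = parts.hostname.rstrip(".")
    if not host:
        return None
    try:
        # Internationalised names are compared in their ASCII (punycode) form.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def is_blocked(url: str, blocklist=BLOCKLIST) -> bool:
    """True if the URL's host, or any parent domain of it, is on the blocklist."""
    host = normalize_host(url)
    if host is None:
        return True  # assumption: this sketch refuses URLs it cannot parse
    labels = host.split(".")
    # Compare whole labels, so "notlogin-bank.test" does not match "login-bank.test".
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


if __name__ == "__main__":
    for sample in (
        "https://www.bank.example/login",               # legitimate-looking host
        "https://bank.example@login-bank.test/signin",  # real host follows the "@"
        "HTTPS://Secure.Login-Bank.TEST.:443/a",        # case, trailing dot, port
    ):
        print(f"{'BLOCK' if is_blocked(sample) else 'allow'}  {sample}")
```

The second sample is why the check reads the parsed hostname rather than searching the URL text: the familiar name before the "@" is only a username field, and the connection goes to the host after it.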
The Internet holds a wealth of resources which you can use to arm yourself with knowledge and software to protect yourself from phishing attacks.