The phenomenon of using phishing emails to gain access to sensitive information is still going strong. Unfortunately, fraudsters’ tactics have become more sophisticated as efforts to stop them have increased over the years. It is for this reason that companies worldwide have had to be vigilant in helping to protect their customers to whatever degree possible.
In a new article on Digital Guardian, “What is a Phishing Attack? Defining and Identifying Different Types of Phishing Attacks” by Nate Lord, phishing is described as “a form of social engineering that uses email or malicious websites (among other channels) to solicit personal information from an individual or company by posing as a trustworthy organization or entity.” The article goes on to explain:
“Phishing attacks often use email as a vehicle, sending email messages to users that appear to be from an institution or company that the individual conducts business with, such as a banking or financial institution, or a web service through which the individual has an account.
The goal of a phishing attempt is to trick the recipient into taking the attacker’s desired action, such as providing login credentials or other sensitive information. For instance, a phishing email appearing to come from a bank may warn the recipient that their account information has been compromised, directing the individual to a website where their username and/or password can be reset. This website is also fraudulent, designed to look legitimate, but exists solely to collect login information from phishing victims.
These fraudulent websites may also contain malicious code which executes on the user’s local machine when a link is clicked from a phishing email to open the website.”
Phishing first appeared in the late 1980s, when a hacking tool was used in attempts to steal information from America Online users. But it really flourished from 2005 to the present, with attacks increasing in frequency almost every year. Today, there are several defined phishing techniques, and each of them represents thousands of attacks that aim to steal sensitive personal or financial data.
So, what are consumers to do? Basically, be as careful with emails as you would be with any phone call or knock on your door from a stranger, even if they appear “official” or present themselves as being from a trusted source or company. Financial institutions, in particular, will not ask you to click a link in an email to enter your login information. Instead, you should always log in on your own, from your browser, to avoid falling victim to a phishing scheme.
USA.gov has helpful information on its site regarding phishing and vishing (similar to phishing, but more traditional: fraudsters try to get your information over the phone). Here are some of the tips:
Legitimate companies never ask for your password or account number via e-mail. If you receive a phishing e-mail there are several actions you should take:
• Don't click on any links in the e-mail. They can contain a virus that can harm your computer. Even if links in the e-mail say the name of the company, don't trust them. They may redirect to a fraudulent website.
• Don't reply to the e-mail itself. Instead forward the e-mail to the Federal Trade Commission at email@example.com.
• If you believe that the e-mail is valid, contact the company using the phone numbers listed on your statements, on the company's website, or in the phone book. Tell the customer service representative about the e-mail and ask if your account has been compromised. You can also contact the company online by typing the company's web address directly into the address bar; never use the links provided in the e-mail.
• If you clicked on any links in the phishing e-mail or replied with the requested personal information, contact the company directly to let them know about the email and ask to have fraud alerts placed on your accounts, have new credit cards issued, or set new passwords.
As long as there are victims handing over their sensitive data, phishing schemes will continue to propagate and do their damage to us and the economy. It is only through educating ourselves, and learning to delete and/or report suspicious emails and other web scams, that phishing can be avoided.