What Is Phishing?
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity, typically using bulk email that tries to evade spam filters.
A basic phishing attack by “Scammers” or “Phishermen” attempts to trick or lure a user into entering personal details or other confidential information. Email is the most common method of performing these attacks.
Their goal is to obtain one or more of the following:
- Passwords
- Financial Information
- Personal Identity (Identity Theft)
- Money
Why do people get Phished (Hooked)?
1. They don’t know any better
Most people are unaware of any fraudulent emails that they may receive. As part of their busy day, they assume that all emails are legitimate because they believe they work in a safe and secure corporate environment.
Generally, people simply don’t have the time to carefully analyze every message which lands in their inbox – phishers know that and use this to their advantage.
2. They know better, but can’t resist the urge to click
Phishers understand Human Instinct. By simply creating an email (Lure) that requires an Immediate Call to Action or Sense of Urgency, scammers know how to prey on weaknesses.
Email examples include:
- Bank asks you to confirm your balance
- Credit Card has been declined
- CRA is requesting immediate action
- Cell phone service will be cancelled
3. The emails are so targeted and realistic that they are undetectable as fakes
This is a popular scam, as the email subject line and the message content look very professional and relevant to the user. One needs to really analyze the email to find irregularities. For example, if an email comes from something that looks like the CRA with a “click here” link or similar, you may be being phished. In this example, only experience and training will tell you that the CRA does not email individuals. If you get an email from your bank or card company, simply call them directly and ignore the email.
4. They think it will never happen to them
The sheer number of emails sent every single day means that it’s an obvious attack vector for cyber criminals. According to Symantec, it’s estimated that 3.7 billion people send around 269 billion emails every single day and that 1 in every 2,000 of these emails is a phishing email – meaning around 135 million phishing attacks are attempted every day…and it could happen to You!
5. Email users need to be properly trained
Users need to be coached and/or provided with a reasonable awareness of the challenges associated with Phishing and/or other scamming techniques. As email becomes more and more pervasive for corporate communications, the greater the user awareness and combative knowledge in terms of addressing Cyber Theft, the better and more secure it will be for both the user and the corporate environment.
The Bottom Line is…
When it comes to Phishing… don’t get Hooked!