What is Phishing
How to Recognize It

[ fiSHiNG ] "NOUN"

The fraudulent practice of sending emails in order to induce individuals to
reveal personal information, such as passwords and credit card numbers

Updated: September 29, 2020
By: RSH Web Editorial Staff

Phishing

Phishing is one of the oldest hacking techniques. It is also one of the simplest and, surprisingly, one of the most effective. Most people do not suspect that anything is amiss during a phishing attack because they do not realize what it is or how it works

Below is what you need to know about phishing, including how to protect yourself from the most common phishing attacks

Defining Phishing

Phishing is all about deception. Hackers impersonate other people or entities in an attempt to gain your trust and get you to reveal sensitive information such as credit card numbers and passwords. Alternatively, the hackers will try to get you to download damaging malware and spyware that then collects sensitive data and sends it back to them

Most phishing attacks are random and widespread, designed to target a large group of people in the hope that some victims fall for the trap. However, there are two more distinct forms of phishing:

Spear Phishing

In this case hackers target a specific individual for a variety of reasons. These may be partners, work colleagues, friends and relatives, or prominent people. 91% of cyber attacks and the resulting data breaches begin with a spear phishing email, according to research from security software firm Trend Micro

Whale Phishing

In this case hackers target specific individuals who are prominent and stand out in society. These may be CEOs of major companies, celebrities, or politicians, among others. “Whales” are carefully chosen for their access within the company, because they are the people who would have access to large and sensitive databases. The goal of a whaling attack is to trick a CEO or executive into revealing personal or corporate data, often through email and website spoofing

Three Common Phishing Techniques and Their Solutions

Hackers use a variety of techniques to phish information from their victims. Three in particular are very popular and quite effective

Email Phishing

Email is the most popular platform for phishing as emails are easy to fake (for hackers) and difficult to authenticate (for victims). It accounts for over 90% of all phishing attacks

Email phishing is fairly simple. Suppose a hacker wants the log-in details of your online PayPal account. The hacker might register a domain name that looks a lot like PayPal's and design the email to look like one of PayPal's emails. The email will then alert you to a reason why you need to log in to your PayPal account

The most common PayPal alert looks like a notice that you have a security breach that requires you to change your passwords

The trick in email phishing is that the emails come with links to the supposedly real website. However, these websites are also replicas. Once you click on the link, it redirects you to the replica website, which then collects your log-in information. The links may also download malware and spyware that then collects your sensitive data

The solution to email phishing is to be wary of all emails. Never click any links in the email. If you have to check on such an alert, go directly to the website itself

Telephone Phishing

Telephone phishing is also popular, and it is threatening to become even worse with the rise of robocalls. In this case, all a hacker needs is a relevant phone number and a persuasive manner

Numbers that appear on the caller ID are easy to replicate and spoof. As such, familiar numbers that are saved in your phone book will easily pass as authentic during a telephone phishing attack. This is why most hackers impersonate major service organizations such as banks and governments. The common tactic is to call with a false alarm that somehow requires you to share sensitive information such as bank account numbers. However, hackers can also go the extra mile to target specific individuals by spoofing the phone numbers of their personal contacts

Authentication is just as hard with telephone phishing as it is with email phishing, so you should always check twice. If a major organization calls asking for sensitive information, make sure that you get the caller's name and position. This usually scares hackers away. Alternatively, hang up and call the company back directly

Website Phishing

Phishers are becoming more and more sophisticated in designing their phony websites. It's all about deception. Hackers create websites that look exactly like the original and try to lure people to these websites. Hackers usually target major websites dealing with sensitive issues such as finance and personal data

Here are some signs to look for that can help you distinguish a real website from a phishing site

Check the URL or Web address. Just because the address looks right, do not assume you are on a legitimate site. Look in your browser's address bar for these signs that you may be on a phishing site

Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the business name, or a character or symbol before or after the company name. Also look for tricks such as substituting the number "1" for the letter "l" in a Web address (for example, www.paypa1.com instead of www.paypal.com)

"http://" at the start of the website address. Almost all website addresses start with "https://" today. The letter "s" should be included

Be leery of pop-ups. Be careful if you are sent to a website that immediately displays a pop-up window asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information
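
The address-bar checks above, and the look-alike domain trick described under Email Phishing, can be automated. The following Python sketch is an added example, not part of the original article; the `TRUSTED` allow-list, the substitution table and the function names are assumptions chosen for illustration, and the "last two labels" domain split is a simplification.

```python
from urllib.parse import urlsplit

# Assumption: a small allow-list of domains the user really does business with.
TRUSTED = {"paypal.com"}
# Digit-for-letter swaps of the kind the article mentions ("1" for "l").
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> list[str]:
    """Return the warning signs found in `url`; an empty list means none found."""
    has_scheme = "://" in url
    parts = urlsplit(url if has_scheme else "//" + url)
    host = (parts.hostname or "").lower().removeprefix("www.")
    warnings = []
    if has_scheme and parts.scheme != "https":
        warnings.append("no-https")
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return warnings  # the trusted domain itself, or a subdomain of it
    # Naive registrable domain: last two labels (no public-suffix handling).
    domain = ".".join(host.split(".")[-2:])
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        if domain.translate(LOOKALIKES) == trusted:
            warnings.append(f"character-substitution:{trusted}")
        elif edit_distance(domain, trusted) == 1:
            warnings.append(f"misspelling:{trusted}")
        elif brand in host.translate(LOOKALIKES):
            # Brand name used before or after other text in a different domain.
            warnings.append(f"brand-in-untrusted-host:{trusted}")
    return warnings
```

An empty result only means none of these particular signs were found; it does not prove the site is legitimate.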

Learn More About Phishing

The following documents and websites from the Cybersecurity and Infrastructure Security Agency (CISA) can help you learn more about phishing and how to protect yourself against phishing attacks

Avoiding Social Engineering and Phishing Attacks
Protecting Your Privacy
Understanding Web Site Certificates
Federal Trade Commission, Identity Theft
Recognizing and Avoiding Email Scams
Anti-Phishing Working Group (APWG) Report phishing emails

Keep Personal Information Private

The best way to avoid all forms of phishing attacks is to keep all your sensitive information private. Never share it with anyone via email, over the phone, or on suspicious websites

Comments


Jim J
Awesome, Keep going


Ian B
Thank You for sharing this article, it will help to protect anyone

