Phishing Security Awareness


Phishing Definition 

Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking e-mail in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSNForex, BestBuy, and America Online. A phishing expedition, like the fishing expedition it’s named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait.

Phishing Methods   

Phishing is one of the most common e-mail based attacks. It uses social engineering, a technique where cyber attackers attempt to fool you into taking an action. Phishing was a term originally used to describe an attack designed to steal your online banking login details. However, the term has evolved and now refers to almost any cyber-attack sent by e-mail.

A phishing attack begins with an e-mail pretending to be from someone or something you know or trust, such as your bank or your favorite online store.

These e-mails then try to entice you into taking an action, such as clicking on a link, opening an attachment, or responding to a message. Cyber criminals craft these convincing e-mails and then send them out to thousands, if not millions, of people around the world. The criminals do not have a specific target in mind, nor do they know exactly who will fall victim. They simply know the more e-mails they send out, the more people they may be able to fool. Phishing attacks often have one of the following objectives:

• Harvesting Information:

The cyber attacker’s goal is to fool you into clicking on a link that takes you to a website that asks for your login and password, or perhaps your favorite color or mother’s maiden name. These websites may look legitimate, with exactly the same look and feel as your online bank, but they are designed to steal information that could give the attacker access to your online account.

• Controlling your computer through malicious links:

Once again, the cyber attacker’s goal is for you to click on a link. However, instead of harvesting your information, the goal is to infect your computer. If you click on the link, you are directed to a website that silently launches an attack against your browser, and, if successful, these cyber criminals have full control over your computer.

• Controlling your computer through malicious attachments:

These are phishing e-mails that have infected attachments, such as infected PDF files or Microsoft Office documents. If you open these attachments they attack your computer, and if successful, give the attacker complete control.

SAFE from Phishing

 

Phishing Protection   

  • Do not open unexpected or suspicious e-mails or attachments. Delete them if they do not concern you or if they appear weird.
  • Stop-think-click. Do not click on suspicious links; only click if you trust their origin.
  • Protect your passwords. Do not type them on untrusted computers or web sites.
  • Do not install untrusted software or plug-ins. Indeed, software from untrusted sources may infect or compromise your computer.
  • Be wary of contextually relevant emails from unknown senders.
  • Be suspicious of any e-mail that requires immediate action or creates a sense of urgency. This is a common method used to trick people.
  • Be suspicious of e-mails addressed to “Dear Customer” or some other generic salutation.
  • Be suspicious of grammar or spelling mistakes; most businesses proofread their messages very carefully.
  • If a link in an e-mail seems suspicious, hover your mouse over the link. This will show you the true destination where you would go if you actually clicked it. The link that is written in the e-mail may be very different from where it will actually send you.
  • Do not click on links. Instead, copy the URL from the e-mail and paste it into your browser. Even better is to simply type the destination name into your browser. For example, if you get an e-mail from UPS telling you your package is ready for delivery, do not click on the link. Instead, go to the UPS website and then copy and paste the tracking number.
  • Be suspicious of attachments; only open attachments that you were expecting.

 Think Before You Link

PROTECTING TODAY, SECURING THE FUTURE
