What is Phishing? Why should I care?
Phishing is broadly any attempt in which an attacker poses as a legitimate party in order to obtain confidential or sensitive information from the person being targeted. Other terms that get thrown around when talking about phishing include vishing, whaling, pharming, smishing and probably others!
What do these different terms mean?
- Vishing – V for voice; think of it as voice phishing. These attacks come in the form of a phone call.
Example: A call from someone stating they are your bank. They’ve detected fraudulent behavior on your account and need to verify your identity by having you provide your debit card PIN.
How to handle: Tell the caller that you will call in, then call back using a reputable customer service number (the back of your debit or credit card has a valid number). NEVER give sensitive information over the phone if the call was not initiated by you.
- Whaling – whaling attacks typically target high-profile employees like a Superintendent or Finance and Accounting staff. The goal of this type of attack is to reach someone who has the ability to authorize or process high-value transactions.
Example: An email comes through stating it’s from your Superintendent, asking you to wire a large sum to a specific account or to provide employee payroll information.
How to handle: check the from address. Typically attackers will spell something wrong or use a different but similar domain name. Pick up the phone and call the person the email claims to be from to verify.
- Pharming – In this attack a scammer installs malicious code on your device that redirects you to a fraudulent website instead of the legitimate one.
Example: You go to your banking website, but the logo looks a little different and the login area has changed.
How to handle: make sure you are using an antivirus product and that you keep it up-to-date. Install any operating system updates. Lastly, if a site looks off, do not proceed; verify the changes first. Ask a friend to check the site, or check the site on a different device. If there are noticeable differences, use your antivirus software to run a scan and proceed from there.
- Smishing – S for SMS; this is SMS or text message phishing. In this attack the attacker sends you a suspicious text message that may ask you to install an application or to click on a link and provide information.
Example: You get a text message that states “You have been randomly selected to receive a $1000 pre-paid Visa gift card! Click this link to redeem your prize! www.youareawinner.com/winner1000”
How to handle: Notice that this is “too good to be true” and ignore the message. Delete it. Never click a link unless you know the sender and were expecting the message.
Tips and Tricks to Spot a Phish
- Hover over all links and make sure they are legitimate, checking for misspellings, transpositions and extra characters
- Do not trust emails, phone calls or text messages from unknown or unvalidated senders
- If something seems off about a website trust your instincts and verify that the site is legitimate
- Protect your personal information, including but not limited to: username, password, banking information, employment information
- Make sure anyone requesting information is who they say they are by verifying their identity through a different channel from the request. Example: a call from an unknown number saying they are with your security company; call the security company at the number you already have and ask if they called
- Don’t open attachments from sources you do not trust and use caution opening attachments from trusted senders
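The "check the from address" and "look for misspellings, transpositions and extra characters" advice above can be turned into a mechanical check. The following is an added example, not code from the original page: it compares the sender domain in a From: header against a constructed allowlist (the two trusted domains and every sample address are assumptions for illustration) and flags anything that differs by only a swap, a typo, an extra character or a look-alike digit.

```python
from email.utils import parseaddr

# Constructed allowlist of domains your organisation really uses (an assumption, not from the page).
TRUSTED_DOMAINS = {"example-school.org", "mybank.com"}

# Digits that get substituted for visually similar letters: 0->o, 1->l, 3->e, 5->s, 7->t.
HOMOGLYPHS = str.maketrans("01357", "olest")


def normalise(domain: str) -> str:
    """Fold look-alike characters so 'rnybank.c0m' and 'mybank.com' compare equal."""
    return domain.lower().strip().replace("rn", "m").replace("vv", "w").translate(HOMOGLYPHS)


def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts a swap of two adjacent letters (a transposition) as one edit."""
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def second_level(domain: str) -> str:
    """The label just before the TLD: 'mybank' for both 'mybank.com' and 'mybank-secure.org'."""
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else domain


def classify_sender(header_from: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the domain in a From: header value."""
    _, addr = parseaddr(header_from)
    if "@" not in addr:
        return "unknown"  # no usable address, e.g. a bare display name
    domain = addr.rpartition("@")[2].lower().strip()
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # A misspelling, transposition or extra/missing character in the whole domain ...
        if osa_distance(normalise(domain), normalise(good)) <= 2:
            return "lookalike"
        # ... or a trusted name reused in the registrable label (mybank.org, mybank-secure.com).
        label, good_label = normalise(second_level(domain)), normalise(second_level(good))
        if osa_distance(label, good_label) <= 1 or good_label in label:
            return "lookalike"
    return "unknown"
```

Every domain your organisation genuinely sends from, subdomains included, belongs in the allowlist; a "lookalike" result is the cue to pick up the phone and verify, exactly as the whaling section recommends.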
Are you ready to test your knowledge? Go to https://phishingquiz.withgoogle.com/ to see if you can spot the phish!