Phishing is the attempt to acquire
sensitive information such as usernames, passwords, and credit card details (and
sometimes, indirectly, money), often for malicious reasons, by masquerading as a
trustworthy entity in an electronic communication.
What to look for in a phishing email
- Generic greeting.
Phishing emails are usually sent in
large batches. To save time, Internet criminals use generic
names like "First Generic Bank Customer" so they don't have to
type all recipients' names out and send emails one-by-one. If
you don't see your name, be suspicious.
- Forged link.
Even if a link has a name you recognize
somewhere in it, it doesn't mean it links to the real
organization. Roll your mouse over the link and see if it
matches what appears in the email. If there is a discrepancy,
don't click on the link. Also, websites where it is safe to
enter personal information begin with "https" — the "s" stands
for secure. If you don't see "https" do not proceed.
- Requests personal information.
The point of sending
phishing email is to trick you into providing your personal
information. If you receive an email requesting your personal
information, it is probably a phishing attempt.
- Sense of urgency.
Internet criminals want you to
provide your personal information now. They do this by making
you think something has happened that requires you to act fast.
The faster they get your information, the faster they can move
on to another victim.
Phishing attacks directed at specific individuals, roles, or organizations
are referred to as "spear phishing". Since these attacks are so pointed,
attackers may go to great lengths to gather specific personal or institutional
information in the hope of making the attack more believable and increasing the
likelihood of its success.
The best defense against spear phishing is to carefully, securely discard
information (i.e., using a cross-cut shredder) that could be used in such an
attack. Further, be aware of data that may be relatively easily obtainable
(e.g., your title at work, your favorite places, or where you bank), and think
before acting on seemingly random requests via email or phone.
How do you avoid being a victim
To report Phishing attempts contact: