Phishing explained

Phishing is a topic that is very relevant to individuals and organizations alike.  Phishing is an attempt by a malicious actor to trick a user into handing over valid credentials, which the attacker can then use to authenticate and establish a presence in the network.  Interestingly, this is an older method of attack that dates back to the 1990s.  Fruhlinger (2018) explained that phishing succeeds because the attacker appears to be a trusted entity, such as an email provider or bank, and uses a link or attachment to trick the user.  Many current phishing schemes redirect the user via a link to a fake webpage that imitates a legitimate login page; when the user enters their credentials, the attacker captures them.

So what are some practical methods to avoid falling for a phishing attack?  The first is to not immediately click on links within emails.  As an example, a link in a phishing email can display the text www.google.com, so it appears to lead to Google, while the underlying link actually directs you to giggle.com; hovering over the link reveals the real destination before you click.  The lesson here is that inspecting the links in emails before clicking can keep you from being tricked.

Another preventative action is to inspect the sender’s email address.  For instance, you may think you received an email from a friend, but the actual email address does not match exactly; compare someone@mail.google.com with someone@mail.gooogle.com.  At first glance the two seem identical, but if one looks closely it is obvious that the second one has an extra “o”.
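The two checks above (does the visible link text match where the link really goes, and is the sender’s domain a near-miss of a domain you trust) can be automated. The following Python script is an added example and is not code from the original post; the sample email, the giggle.com/gooogle.com lookalikes and the trusted-domain list are constructed for illustration, and the registered-domain helper assumes simple two-label suffixes such as .com.

```python
"""Triage an email for two phishing tells: anchor text that names a different
domain than its href, and a From: domain one or two edits away from a trusted one.
Added example; not part of the original blog post. All inputs are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: anchor text says www.google.com but the href goes to
# giggle.com, and the From: domain has an extra "o".
SAMPLE_EMAIL = """\
From: Someone <someone@mail.gooogle.com>
To: victim@example.org
Subject: Please verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account needs verification. Visit
<a href="http://giggle.com/login">www.google.com</a> now.</p>
<p>Support: <a href="https://support.google.com/">https://support.google.com/</a></p>
<p><a href="http://giggle.com/help">Click here</a> for help.</p>
</body></html>
"""

TRUSTED_DOMAINS = {"google.com", "example.org"}  # constructed allow-list

# Matches visible link text that looks like a URL or bare hostname.
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.IGNORECASE)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1: the last two labels. Assumption: fine for .com/.org,
    wrong for multi-part suffixes such as .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def mismatched_links(html):
    """Return (text, href) for links whose visible text names a host in a
    different registered domain than the href target."""
    parser = LinkExtractor()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown = HOST_RE.match(text)
        if not shown:
            continue  # "Click here" style text carries no host to compare
        target = registered_domain(urlparse(href).hostname or "")
        if registered_domain(shown.group(1)) != target:
            flagged.append((text, href))
    return flagged


def edit_distance(a, b):
    """Levenshtein distance by dynamic programming over one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (sender_domain, trusted_domain) when the sender's registered
    domain is not trusted but is within max_distance edits of one, else None."""
    _, addr = parseaddr(from_header)
    domain = registered_domain(addr.rpartition("@")[2])
    if domain in trusted:
        return None
    for t in trusted:
        if edit_distance(domain, t) <= max_distance:
            return (domain, t)
    return None


def triage(raw_email):
    """Run both checks over a raw RFC 822 message with an HTML body."""
    msg = message_from_string(raw_email)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    return {
        "lookalike_sender": lookalike_sender(msg["From"]),
        "mismatched_links": mismatched_links(body),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

On the sample message the script flags the sender as a lookalike of google.com and flags the www.google.com link that really points at giggle.com, while leaving the genuine support.google.com link and the “Click here” link alone. An edit-distance threshold of 2 catches the extra “o” but is deliberately loose; a production filter would also normalise Unicode homoglyphs and use a proper public-suffix list in place of the two-label helper.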

Finally, if you receive an email that claims to be from your email provider, bank, or some other important entity and asks you to verify your username and password, it is not legitimate.  No bank or other legitimate organization will ask you to verify your username and password by email.

Phishers continue to advance their tactics and improve their ability to make their messages look legitimate.  Taking simple steps like inspecting links in emails can protect you from becoming a victim of phishing.  Taking time to evaluate the “from” line of an email also helps, and there is never a legitimate reason for an organization to request your username and password.  A little extra time spent on these checks can protect your online accounts.  To read about what can happen when an organization is compromised because of a phishing attack, read the Phishing for Unity blog post.

References

Fruhlinger, J. (2018, August 09). What is phishing? How this cyber attack works and how to prevent it. Retrieved from https://www.csoonline.com/article/2117843/phishing/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html
