Phishing

Updated: 11/30/2020 by Computer Hope

Pronounced like fishing, phishing is a term used to describe scams in which a malicious individual or group tricks users into giving up sensitive information. They do so by sending e-mails or creating web pages designed to collect an individual's online bank, credit card, or other login information. Because these e-mails and web pages look legitimate, users trust them and enter their personal information. The information below shows examples of phishing attempts and ways to avoid a phishing attack.

Example of phishing e-mail

Dear eBay customer,

Your Account is Suspended. We will ask for your password only once. We will charge your account once per year. However, you will receive a confirmation request in about 24 hours after the make complete unsuspend process. You have 24 hours from the time you'll receive the e-mail to complete this eBay request.
Note: Ignoring this message can cause eBay TKO delete your account forever.

To make unsuspend process please use this link:

http://fakeaddress.com/ebay
eBay will request personal data(password;and so on) in this e-mail.
Thank you for using eBay!
http://www.ebay.com
---------------------------------------------------------------------
This eBay notice was sent to you based on your eBay account preferences. If you would like to review your notification preferences for other communications, click here. If you would like to receive this e-mail in text only, click here.

To those who frequently use online services, these e-mails may appear as if they have come from the company. However, they are designed to get the user to click a link that helps the sender steal personal information such as usernames, passwords, and credit card details. Below are some helpful tips on identifying these e-mails and how to handle them.

How to identify a phishing e-mail

Identifying a phishing e-mail is key to avoiding a phishing attack. Here are some things to look out for when reading e-mail.

  1. Wrong company - These e-mails are sent out to thousands of different e-mail addresses and often the person sending these e-mails has no idea who you are. If you have no affiliation with the company the e-mail is supposedly coming from, it is fake. For example, the e-mail claims to come from Wells Fargo bank, but you bank at a different bank.
  2. Spelling and grammar - Improper spelling and grammar are often a dead giveaway. Look for obvious errors.
  3. No mention of account information - If the company were sending you information regarding errors with your account, they would mention your account or username in the e-mail. In the above example, the e-mail says "eBay customer." If this were from eBay, they would mention your username. However, be cautious of spear phishing, which is a type of phishing where the attacker knows some personal information.
  4. Deadlines - The e-mail requests an immediate response or sets a specific deadline. In the above example, that is the requirement to log in and change your account information within 24 hours.
  5. Links - Although many phishing e-mails are getting better at hiding the true URL you are visiting, often these e-mails list a URL that is not related to the company's URL. For example, in our above eBay example, "http://fakeaddress.com/ebay" is not an eBay URL, only a URL with an "ebay" directory. If you are unfamiliar with how a URL is structured, see the URL definition for additional information.
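The link check from item 5 can be automated by comparing only the host part of each URL with the company's domain. The following is an added example, not part of the original page; the function names and verdict labels are hypothetical, and it goes slightly beyond the page's single case by also rejecting a company name placed before an "@" or at the front of a longer hostname.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two link lines from the example e-mail on this page.
SAMPLE_BODY = """To make unsuspend process please use this link:
http://fakeaddress.com/ebay
Thank you for using eBay!
http://www.ebay.com
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def url_host(url):
    """Return the lowercase host of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return ""


def host_belongs_to(url, brand_domain):
    """True only if the host is brand_domain itself or a subdomain of it."""
    host = url_host(url)
    brand = brand_domain.lower()
    return host == brand or host.endswith("." + brand)


def classify_links(body, brand_domain):
    """Return (url, host, verdict) for every http(s) link found in body."""
    brand_word = brand_domain.split(".")[0].lower()  # "ebay" for "ebay.com"
    results = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,);")  # drop trailing sentence punctuation
        if host_belongs_to(url, brand_domain):
            verdict = "brand host"
        elif brand_word in url.lower():
            # The name shows up in the path, before an "@", or inside a
            # longer hostname, but the host is not the company's domain.
            verdict = "brand name, wrong host"
        else:
            verdict = "unrelated host"
        results.append((url, url_host(url), verdict))
    return results


if __name__ == "__main__":
    for row in classify_links(SAMPLE_BODY, "ebay.com"):
        print(row)
```
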

What to do if you are not sure if an e-mail is official

  • Never follow any links in an e-mail. Instead of following the link in the e-mail, visit the page by manually typing the address of the company. In the example above, instead of visiting the fake eBay URL, you would type https://www.ebay.com in your web browser and log into the official website.
  • Never send any personal information through e-mail. If a company is requesting personal information or says your account is invalid, visit the website and log into the account as you normally would.
  • Finally, if you are still concerned about your account or personal information, contact the company directly, either through their e-mail address or over the phone.

Issues commonly contained in phishing e-mails

Below are some of the issues a phishing e-mail may inquire about to trick users.

  • Account issues - account or password expiring, account being hacked, account out-of-date, or account information needing to be changed.
  • Credit card or other personal information - credit card expiring or being stolen, incorrect social security number or other personal information, or duplicate credit card or other personal information.
  • Confirming orders - a request for you to log in to confirm recent orders or transactions.

Common companies affected by phishing attacks

Below is a listing of companies phishers most often try to attack.

  • Any major bank.
  • Popular websites, such as Amazon, Facebook, MySpace, PayPal, eBay, Microsoft, Apple, Hotmail, YouTube, etc.
  • Government: FBI, CIA, IRS, etc.
  • Internet service providers, such as AOL, Comcast, Cox, MSN, etc.
  • Casinos and lottery.
  • Online dating or community websites.

I've fallen for a phishing attack, what should I do?

If you've read this page too late and have already fallen for a phishing attack, log into your account from the company's page and change your password immediately. Also, it is a good idea to scan your computer for malware, in case the site has infected your computer. Finally, if the company supports two-factor authentication, it is also a good idea to enable this feature on your account.

If you believe personal information was stolen, it is also a good idea to watch all your accounts for suspicious activity.

419, Blagging, Catfish, Chain mail, Clickjacking, Computer crime, Computer slang, Con, Cross-site scripting, E-mail, E-mail terms, Harvesting, Hoax, Identity theft, Internet terms, Man-in-the-middle attack, Pharming, Security terms, Spam, Spear phishing, Theft, Vishing, Whaling