The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. I'm sure you've seen them. And curiosity may have even prompted you to click on a few of these before. And with the millions of these types of emails sent out every day, you can imagine the potential success rate for these con artists. The most successful phishing emails are the ones received by people who actually have accounts with that company, so they blindly click on it thinking it may be something of interest. A global study released by the Anti-Phishing Working Group (APWG) in 2014 suggests that 54% of phishing emails targeted major bands including Apple, PayPal, and Chinese marketplace Taobao. I've even seen one from Bank Of America where at least 5 people on campus answered with their account information before anyone contacted us in IT. That can empty a bank account REAL fast.
Here's a few things to look for if you ever get suspicious of an email:
- Many phishing attempts originate from outside the U.S. so they often have misspellings and grammatical errors. Some have an urgent tone and they seek sensitive information that legitimate companies don't typically ask for via e-mail.
- Check the sender information to see if it looks legitimate. Criminals will choose addresses that are similar to the one they are faking. Google the real name of the sender and compare to their website. Maybe even give them a quick call to verify.
- Legitimate companies tend to use customer names or user names in the e-mail, and banks often will include part of an account number. Phishing emails typically offer generic greetings, like “Dear PayPal customer.”
- Inspect the hyperlinks inside the body of the e-mail. Phishers typically will use subdomains or letters or numbers before the company name, and sometimes the words in the links are misspelled. By mousing over the link you can see the real address on the bottom of most Web browsers.
- Don't open e-mail attachments that you did not expect to receive. Don't open download links in IM. And don't enter personal information in a pop-up window or e-mail.
- Make sure you are using a secure Web site when submitting financial and sensitive information. That means https:// will be seen in the URL address bar instead of just http:// and usually there will be some other change in the address bar. For instance the first part of the URL will be highlighted green.
As a general rule, if you are entering sensitive, personal or financial information on the web, you should have been the one who initiated the process. If not, stop and re-establish communication on your own via publicly published means like the company website or phone numbers. Please be aware that the dangers are real. Identity theft can cause you major problems.
Get involved!
Comments