Understanding Phishing

Put simply, phishing refers to the act of trying to get personal information under false pretenses. Phishers who initiate these attacks may try to get user names, passwords, bank account information, credit card details, and more from their victims, ultimately resulting in identity theft.

Phishing attacks usually occur through an e-mail that looks like it’s from a legitimate source. The e-mail (or website or phone call) will appear to be coming from a place the victim recognizes, like their bank, credit card company, or even a social network site. Thinking the source is legitimate, the victim will then answer questions or enter information that gives the phishers their personal details.

The crude, poorly formatted phishing emails of a few years ago have largely been replaced with professionally designed phishing attacks that are hard to distinguish from legitimate messages without careful examination.

In a new variation known as “spear-phishing,” hackers will research a target — usually a business executive or someone with a high net worth — to learn personal details or the names of connections to help legitimize their attack messages. Several financial executives, for instance, have been fooled by spear-phishing attacks that purported to be urgent requests from those executives’ bosses.

Understanding that these types of attacks occur allows you to be on the lookout for them. Here are a few specific tips for recognizing a phishing attempt:

  • Legitimate businesses or financial institutions will rarely ask you for your personal information by e-mail.
  • Phishers often use scare tactics and emotional language to intimidate their victims into responding. For example, “you need to respond now or we will put your account on hold.”
  • Phishing e-mails often have spelling and grammar mistakes. While reputable organizations proofread carefully, phishers do not.
  • Links in phishing e-mails may not be quite right: for example, an O replaced with a zero, or additional text at the beginning or end. Before you click on a link, hover over the text to see where it is pointing.
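
The link tip above can also be checked automatically. The following Python sketch is an added example, not part of the original article: it reads the HTML body of a message and flags links whose address swaps a digit for a letter, pads a known name with extra text, or points somewhere other than the address shown in the link text. The domain `northbank.example`, the sample message, and the warning names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"northbank.example"}          # constructed: domains you really use
LOOKALIKE = str.maketrans("01", "ol")    # digits swapped in for letters (0 for o, 1 for l)
URL_TEXT = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_link(href, text):
    """Return warning codes for one link; an empty list means nothing suspicious."""
    host, warnings = host_of(href), []
    if is_trusted(host):
        return warnings
    if is_trusted(host.translate(LOOKALIKE)):
        warnings.append("lookalike")       # a zero where the real name has an o
    elif any(d.split(".")[0] in host for d in TRUSTED):
        warnings.append("extra-text")      # real name padded at the beginning or end
    if URL_TEXT.fullmatch(text) and host_of(text) != host:
        warnings.append("text-mismatch")   # what hovering over the link would reveal
    return warnings

def scan_html(body):
    parser = LinkCollector()
    parser.feed(body)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample message body, not a real e-mail.
SAMPLE = """<p>Respond now or we will put your account on hold.
<a href="http://n0rthbank.example/login">www.northbank.example</a>
<a href="http://northbank.example.verify-login.test/">Verify now</a>
<a href="https://www.northbank.example/statements">View statement</a></p>"""
```

An empty list only means none of these three checks fired; it does not prove a link is safe.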

If you think you’ve received an e-mail that’s an attempt to get your information, you could just delete it.

However, if you’re concerned that it could be legitimate, your best option is to contact the company directly through other means. For example, if you receive an e-mail that looks like it’s from your bank, but you’re not sure, call the number on your statement. That way you’ll be sure the person on the other end is who they say they are. It is better to be safe than sorry when it comes to your security.
