Phishing is a type of attack carried out to steal Personally Identifiable Information (PII) such as usernames, passwords, credit card information, and/or other sensitive data.
Hackers prey on innocent users, who may click on the links in a phishing email, in order to:
- Gain access to their usernames and passwords
- Steal money from victims (modify direct deposit information, drain bank accounts)
- Perform identity theft (run up charges on credit cards, open new accounts)
- Send spam from compromised email accounts
Hackers can also use your public information and relationship with the spoofed “sender” to get you to:
- Purchase gift cards
- Send money electronically
- Click on a malicious link and install malware or ransomware on your device
Phishing is most often seen in the form of malicious emails pretending to be from credible sources like friends or family, banks, governments, popular websites (e.g. Amazon, Google), and organizations related to your place of work or study.
These emails may:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- trick you into thinking you have to change your password
- state that you are running out of space in email or file storage
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a refund
- offer a coupon for free stuff
Recognizing phishing emails
Here are some general clues that an email isn’t legitimate but is instead a phishing email:
Many phishing emails are filled with grammatical errors, odd capitalization, and misspellings. The emails might also contain odd phrases or sentences that sound a bit off. Read your email aloud. If something doesn’t sound right, or professional, be suspicious. It could be a phishing attack.
Phishers will often cut and paste the logos of popular companies, government agencies, banks and credit card providers in their phishing emails. If the logo is of low quality — it’s fuzzy, indistinct, or tiny — this is a sign that the person contacting you doesn’t really work for that company.
Funny Looking URL
One of the easiest ways to tell if an email is a scam is to hover over whatever link the message is asking you to click. This will show the link’s URL (website address). Often, you’ll see that the URL doesn’t belong to whatever company is supposedly sending you the message. Try it with the link below, for example:
“Visit www.cybersafett.com for your password check-up today!”
Again, this is a sign that a scammer is trying to trick you. Just be careful when hovering. You don’t want to accidentally click on the link, as the website may also be filled with malware that installs automatically.
Still unsure what a Phishing email looks like?
Visit the CyberSafeTT Phish Tank to see some examples of phishing emails.