Don’t Get Hooked!

What is Phishing?

Phishing is a psychological attack used by cyber criminals to trick you into giving up information or taking an action.  Phishing originally described email attacks that would steal your online username and password, however, the term has evolved and now refers to almost any message-based attack.  These attacks begin with a cyber criminal sending a message pretending to be from someone or something you know, such as a friend, your bank, or a well-known store.

These messages then entice you into taking action, such as clicking on a malicious link, opening an infected attachment, or responding to a scam. Cyber criminals craft convincing-looking emails and send them to millions of people around the world.  The criminals do not know who will fall victim, they simply know that the more emails they send out, the more people they will have the opportunity to hack. In addition, cyber criminals are not limited to just email but will use other methods such as instant messaging or social media posts.

What is Spear Phishing?

The concept is the same as phishing, except that instead of sending random emails to millions of potential victims, cyber attackers send targeted messages to a few select individuals.  With spear phishing, the cyber attackers research their intended targets, such as by reading the victims Facebook or any message they post on public blogs or forums.  Based on this research, the attackers then create a highly customized email that appears relevant to the intended targets.  This way the individuals are far more likely to fall victim.

Why Should I Care?

You may not realize it, but you are a phishing target at work and at home. You and your devices are worth a tremendous amount of money to cyber criminals and they will do anything they can to hack them.  Your awareness is the most effective way to detect and stop phishing.

What are some phishing indicators I can look for?