In simple terms, phishing is a type of attack in which electronic communication is used as bait to lure unsuspecting recipients into carrying out an action that results in the compromise of their information or data. It is typically performed by someone who is out to make illicit gains or to cause harm to an individual or company.
As a way to conduct social engineering, phishing is performed using electronic communication platforms such as SMS, email or instant messaging.
These messages are often disguised to look as though they come from a real or legitimate source the recipient would generally trust, such as a bank or IT admin. A phishing attempt aims to retrieve sensitive information or data, such as usernames, passwords or credit card details.
A common example is an email claiming to be from ‘PayPal’, usually telling the recipient that something has gone wrong with a recent purchase and that their details are required to fix the issue. It is accompanied by a link that directs the victim to an attacker-controlled site, which appears to be legitimate but is actually a clone. If convinced, the victim enters their private information into the fake website, where the attacker can access it.
As electronic communication is typically borderless, legislation and enforcement attempts vary around the globe. Therefore, the best layer of protection against phishing comes from individual knowledge and awareness. Being attentive is critical when dealing with your inbox.
Below are some basic ways to protect yourself:
- Do not open unexpected emails, or those from senders you do not recognise.
- If an email looks like it may come from somewhere familiar, avoid clicking on links within the email, unless you were expecting the email (for example, if you had just requested a link to reset a password). Instead, without following the link, visit the site through a browser.
- Watch out for strange-looking email addresses.
- Take note of misspelt or weirdly worded messages.
- Do not reply to or forward chain emails.
- Ensure that anti-virus solutions scan email attachments before opening them. Attachments can contain malware or links to download malware.
- Only give your email address to people and organisations you are confident can be trusted.
- Consider using a separate email address for social networking, online shopping, and banking.
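
Two of the checks above, the sender's address and where a link really leads, can also be run by a mail filter. The sketch below is an added example, not part of the original article: the `BRAND_DOMAINS` list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains each brand really uses; maintain your own list.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
# Constructed sample message, not a real email (.example is a reserved TLD).
SAMPLE = """From: "PayPal Support" <service@paypa1-billing.example>
Content-Type: text/html

<p>Purchase problem: <a href="http://paypal.com.account-fix.example/login">Log in to PayPal</a></p>
"""

def belongs(host, domains):  # exact listed domain or a true subdomain only
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signals(raw_message):
    """Return impersonation signals; assumes HTML parts are not transfer-encoded."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed("".join(p.get_payload() for p in msg.walk()
                           if p.get_content_type() == "text/html"))
    hosts = [(urlsplit(h).hostname, t) for h, t in collector.links]
    signals = []
    for brand in (b for b in BRAND_DOMAINS if b in name.lower()):
        if not belongs(domain, BRAND_DOMAINS[brand]):
            signals.append(f"sender claims {brand} but uses {domain}")
        signals += [f"link '{t}' goes to {h}" for h, t in hosts
                    if h and not belongs(h, BRAND_DOMAINS[brand])]
    return signals
```

The link host is matched as a suffix, so a trusted name appearing at the start of a longer hostname is still flagged, while a genuine subdomain such as `www.paypal.com` is not.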
Phriendly Phishing has helped organizations of all sizes reduce their security risk and can help you transform your staff into phishing detection heroes you can be proud of. To learn more about Phriendly Phishing or to set up a free demo, please contact us today.