Salmon. Tuna. Halibut. Cod.
Although that may have been what you thought of when you clicked on this article, no, I’m not talking about that type of fishing.
Even though they’re pronounced the same, they’re very different. While you catch one on a boat, the other pertains to cyber security and keeping your data out of the wrong hands. Before you fall victim to this common cyberattack, let’s explore what phishing is, how it works, and the ways you can protect yourself from becoming its prey.
First things first, let’s explain what phishing actually is.
Phishing is the method of obtaining user information through fraudulent communications targeted directly at people. This is usually done through emails that are disguised as coming from a legitimate source but deliver the target’s information back to the hacker.
Essentially, the goal of a hacker performing a phishing scam is for them to trick you, usually using email as their weapon, into giving them the information they want.
Typically, phishing attacks rely on various social networking methods applied to email or other communication methods, like text messages or instant messaging platforms. Phishers may also use social engineering to find out information about the victim, including where they work, their job title, hobbies, interests, activities, and so on.
This information is then used to compose a believable email message. These malicious emails typically start out with a link or an attachment for the opener to click on or open. In addition, the content is usually poorly written with improper grammar.
It goes like this: You’re sent a message that appears to be from a person you know or an organization you recognize. The attack is then carried out through a malicious file attachment, or link, that houses phishing software. You’ll then be prompted to install malware on your device or will be directed to a fake website that tricks you into entering your personal information, such as passwords or credit card information.
Or, you’ll receive an email from the CEO of your company, with the email address just slightly misspelled. The message reads, “Give me your personal number, I need you to complete a task for me.” Since this is the CEO of your company (or so you think), you respond with your phone number, only to be sent a text asking you to complete a task that doesn’t make sense, like ordering a bunch of Amazon gift cards. I’m not speaking from experience or anything.
Did you know? 76% of businesses reported being a victim of a phishing attack in the last year.
Just like there are many fish in the sea, there are multiple types of phishing attempts that you could fall victim to.
It can be harder than you think to recognize a phishing email since they’re typically sent from a well-known company or someone (you think) you know, especially if it includes the correct company logo, making it look legitimate. The links included are also constructed to look as genuine as possible, with only one or two characters off. These are the warning signs you should keep an eye out for so you don't fall victim to a phishing attack.
In addition to knowing which red flags to watch out for, you can also go one step further by utilizing email anti-spam software to scan email messages, content, and attachments for potential threats.
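The "only one or two characters off" warning sign can be checked automatically. The following is an added example, not part of the original article or of any vendor's product: it compares the sender's domain and every link's domain against a list of trusted domains by edit distance. The trusted list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: domains this mailbox legitimately corresponds with (constructed list).
TRUSTED = {"example.com", "google.com", "apple.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    """Naive last-two-labels reduction; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(host: str, max_edits: int = 2):
    """Return the trusted domain that `host` imitates, or None if it is trusted or unrelated."""
    dom = registered_domain(host)
    if dom in TRUSTED:
        return None
    for good in sorted(TRUSTED):
        if 0 < edit_distance(dom, good) <= max_edits:
            return good
    return None

def scan_message(sender: str, body: str):
    """Return (where, domain, imitated) for the sender and each URL that looks spoofed."""
    hosts = [("sender", sender.rsplit("@", 1)[-1])]
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        hosts.append(("link", urlparse(url).hostname or ""))
    findings = []
    for where, host in hosts:
        imitated = lookalike_of(host)
        if imitated:
            findings.append((where, registered_domain(host), imitated))
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE_SENDER = "ceo@examp1e.com"
SAMPLE_BODY = "Change it now at https://accounts.gooogle.com/reset or read https://www.apple.com/support"

if __name__ == "__main__":
    print(scan_message(SAMPLE_SENDER, SAMPLE_BODY))
```

Very short trusted domains produce false positives at a distance of two, so a real filter would scale the threshold with domain length.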
TIP: Check out our roundup of the highest rated email anti-spam software on the market.
While phishing happens to everyday people all of the time, there have been some attacks that have made some serious waves in the mainstream media.
For example, in 2016, one of the most consequential phishing attacks happened when hackers managed to get John Podesta, chair of Hillary Clinton’s presidential campaign, to offer up his Gmail password. The email sent to Podesta had a subject line that read, “Someone has your password” and informed him that Google had stopped a sign-in attempt on his account in Ukraine. It urged him to change his password immediately and provided a fraudulent link to do so, which he clicked, giving the hackers his account password and login information.
There was also the “Fappening” incident of 2014 when a number of intimate photographs of celebrities were leaked to the general public. Rumors originally pointed to Apple’s cloud security being at fault, but it turned out to be the workings of various successful phishing attempts.
Hacker Ryan Collins pleaded guilty to the incident, stating that he sent emails to the victims that appeared to come from Google or Apple, warning that their various accounts were compromised and asking for login details. Victims would then enter their password information, allowing Collins to download various emails and get further access to their iCloud accounts. When all was said and done, Collins was able to access 120 different Gmail and iCloud accounts, including the account of actress Jennifer Lawrence.
Especially when it comes to a phishing attack. It can happen to anyone, so make sure you’re extra cautious before opening a mysterious email and clicking on a link. With the amount of personal information that can be accessed online, it’s more important than ever that you take the extra step to ensure you don’t become the bait of a phishing attack.
Now that you know the ins and outs of phishing, check out these other must-know cyber security terms! Or, expand your knowledge even more and learn all about the history of computers and the history and future of phishing.
Mara is a Senior Content Marketing Specialist at G2. In her spare time, she's typically at the gym polishing off a run, reading a book from her overcrowded bookshelf, or right in the middle of a Netflix binge. Obsessions include the Chicago Cubs, Harry Potter, and all of the Italian food imaginable. (she/her/hers)