What is Phishing?
What is Phishing?
Phishing is a type of online scam where criminals send out fraudulent email messages that appear to come from a legitimate source. The email is designed to trick you into entering confidential information (ex: account numbers, banking info, credit card details, usernames, passwords, pin, birthday) into a fake website by clicking on a link. The email can include a link or attachment which once clicked, will steal sensitive information or infect a computer with malware.
Most email phishing messages alert you with a sense of urgency, such as an email claiming to come from your credit card provider notifying you that your account has been blocked due to suspicious activities so you must follow a link in that email to unblock it. Following the link takes you to a fake web page that looks like your bank’s internet login page, asking you to fill in your credentials so you can log in to the website. Any information you input through it will be sent to the attacker and can be used to gain control of their actual account.
Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. When users respond with the information or click on a link, attackers use it to access users’ accounts. The attacker can then gather additional private information about you, make purchases or apply for credit in your name and commit identity fraud or they may sell it on to another criminal third party. Phishing is a form of social engineering.
What is Social Engineering?
It is the art of manipulating people so that they give up confidential information. There are many forms of social engineering and they all ways to trick you into giving them your passwords or bank information, or to give them access to your computer so they can secretly install malicious software that will give them access to all your passwords and your banking information while being able to control your computer.
It is easier to exploit your emotions and inclination to trust through social engineering than it is to work hard on discovering ways to hack your software or break into your firewall. Think about it this way, it is much easier to trick or fool someone into giving you their password than it is for them to try hacking your password (unless you're using a really weak password).
​â¶Ä‹â¶Ä‹â¶Ä‹â¶Ä‹â¶Ä‹â¶Ä‹Bones of a Phish
- Hyperlinks - URLs that go to unusual or suspicious websites.
- Tip: Hover your cursor over a hyperlink to see where it really goes. You can practice using these examples:
- This hyperlink matches its destination: /
- This hyperlink does not match:
- Tip: Hover your cursor over a hyperlink to see where it really goes. You can practice using these examples:
- Unusual Sender - Messages sent from an unfamiliar email address.
- If an email was sent from an address that you do not recognize, or the sender's address is trying to impersonate a familiar name, this is a red flag!
- Attachments - Files attached to the message that contain malicious content.
- When you receive an attachment that you were not expecting, do not open it.
- Some attachments can attempt to run malicious scripts as soon as they are opened, such as .exe, .html, and .xlsx files.
- Sense of urgency to act quickly - a tactic that asks you to act fast or else you will suffer a consequence.
- Example: Your account will be suspended or deleted unless you update personal details immediately.
- Too Good to be True - Offers or attention grabbing statements designed to attract your attention immediately.
- Claims that you have won a free device, the lottery, or some other lavish reward are unrealistic.
=If you think an email you received is a phish, please report it to phish@kent.edu.