It’s no secret that the internet can be a dangerous place, rife with would-be scammers trying to steal your information and steer you towards shady websites. Whether you log on to play games, read the news, do research, connect with your company as a telecommuter, keep up with your favorite celebrities, or just check out the newest photos of your grandchildren, you need to protect yourself. Read on to learn about some of the tactics and techniques used in “phishing.”
What Is Phishing?
Phishing is a type of cybercrime. It involves the use of email, online messaging services, websites, and other electronic platforms to trick people into providing confidential or sensitive information, such as account numbers, PINs, and passwords. Armed with these details, the perpetrators of phishing scams then access financial accounts or commit identity theft.
Why Is It Called That?
The name of this deceptive practice comes from the sport of fishing, of course, because the two activities are similar. In traditional fishing, the goal is to land a trout, walleye, or catfish. In phishing, it’s an individual’s personal information that gets reeled in.
In addition to providing an alternate spelling, the “ph” in the term is a nod to the term “phreak,” a nickname for hackers that dates back to the 1970s.
Is Phishing the Same as Spoofing?
Spoofing is a type of phishing, so yes, the two are related. Spoofing describes the tactic of pretending to be a legitimate business, organization, or entity and sending communications that are intended to appear authentic. Spoofed emails or websites are meant to trick users into providing account numbers, PINs, passwords, or other personal information. For example, you might get an email asking you to log into your credit union account and verify your information. Or you could be contacted by a scammer pretending to be a friend or colleague who has been robbed of their cash while traveling abroad; they may request that you wire them money so they can purchase a plane ticket home.
Seriously? Who Falls For This Stuff?
You’d be surprised. Spoofers can create very sophisticated replicas of company logos and fonts, use a URL that looks official, or crack into your network to send messages that appear to be from your friends and contacts.
Moreover, not everyone is careful with their dealings online. New internet users, immigrants to the U.S. who aren’t accustomed to how our banks and other institutions work, the elderly, and even people who are just busy and not paying attention — they are all prime targets for phishing.
What is Spear Phishing?
This takes the fishing metaphor one step further. Rather than casting a wide net to collect as many perch as possible, spear fishing goes after just one target at a time. It’s the same with spear phishing, in which the scammer uses illegitimate means to obtain convincing details such as a person’s name, occupation, interests, address, acquaintances, and buying habits, and then uses them in a phishing attack. These personal details make the email, Messenger conversation, or other communication look and feel more authentic than most spam or phishing emails, which are usually somewhat generic. In a spear-phishing ploy, the targeted victim might see their name, read a reference to a specific friend, or recognize the company name as one they’ve done business with.
Spear phishing can be used to steal credentials, or to install malware or spyware onto a device.
How Can I Avoid Becoming a Victim?
The best way to avoid becoming a victim of phishing is to be hypervigilant and always aware. If something seems too good to be true — or, on the other hand, strikes you as shady or suspicious — it probably is. Here are a few other specific tips:
- Update your software frequently
- Use anti-virus protection
- Never click on suspicious links in emails or direct messages
- When in doubt, go directly to the company or institution’s website from a new browser window
- Don’t rely on a phone call to verify an email; sophisticated spear phishers have phone lines set up just for this purpose
- Stay off social media, or make certain your security levels are high
- Be careful about posting or sharing sensitive information or personal details online
- Use unique passwords for each site you log into, and change them often
Lastly, be skeptical. If a Facebook friend who doesn’t usually send you links is now insisting in a message that you “check out this video” or similar, don’t click. Contact the friend another way to find out if they legitimately wanted to share something with you. It is always better to be safe than sorry, so read emails carefully and look for misspellings or other errors that might tip you off to fraudulent messages.