Phishing is a form of electronic communication that masquerades as a trustworthy entity. The goal is to acquire sensitive information such as passwords or credit card details. It is a psychological attack used by criminals to trick you. At the beginning, they used emails to do so. But now it has evolved into a message-based attack (e.g. instant messaging or social media posts).
Before they launch their attacks, they prepare a system to receive responses from victims. They craft a convincing-looking message using “good” grammar, as if a reputable company were sending an email to its customers. Then they send it to millions of people around the world. They do not actually know who will fall victim. They just wait for someone to click on a malicious link, open an infected attachment, or respond to the message.
There is another kind of phishing: spear phishing. It is the same as phishing, except that instead of sending to random recipients, criminals send it to selected recipients. In this case, they have researched whom they are targeting. If you want to know more about spear phishing, you can read about this incident (0xHACKED: Brown University Accounts Distributing Phishing Emails) that happened recently.
Let’s say you have been targeted by them. Perhaps you wonder where they got your email address. The answer is very simple. It can come from social media such as Facebook, Twitter, Instagram, LinkedIn, etc. Or you may have put it online through public blogs or forums. Please be aware that they have tools to crawl this kind of information. In cyber security, we call this an email scavenger. It is a type of web crawler program that searches the Internet and collects all email addresses it finds posted on web pages.
Now, the big question is how to stop it. Only YOU can do that. These are the phishing indicators:
Check the “From”, “To” and “CC” addresses. Are they personal accounts using a public email service (e.g. @gmail.com, @yahoo.com, etc.)?
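If you want to automate the check above, here is one way to do it. This is an added example, not part of the original post; the domain list and the sample message are constructed for illustration and should be adapted to your own environment.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: a short illustrative list of public email services.
# Extend it with the providers that matter in your environment.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def public_service_addresses(raw_message):
    """Return {header: [addresses]} for every From/To/CC address
    that belongs to a public email service."""
    msg = message_from_string(raw_message)
    findings = {}
    for header in ("From", "To", "Cc"):  # header lookup is case-insensitive
        values = msg.get_all(header, [])
        # getaddresses splits "Name <addr>, addr2" lists into (name, addr) pairs
        for _name, addr in getaddresses(values):
            domain = addr.rpartition("@")[2].lower()
            if domain in PUBLIC_MAIL_DOMAINS:
                findings.setdefault(header, []).append(addr.lower())
    return findings


# Constructed sample: a "bank" writing from a personal webmail account.
SAMPLE = """\
From: "Example Bank Support" <support.examplebank@gmail.com>
To: alice@example.org, bob.smith@yahoo.com
Cc: Carol <carol@example.org>
Subject: Please verify your account

Dear customer, ...
"""

if __name__ == "__main__":
    for header, addrs in public_service_addresses(SAMPLE).items():
        print(f"{header}: public email service address(es): {', '.join(addrs)}")
```

A hit is only an indicator, not proof: plenty of legitimate people write from personal accounts, so treat it as a reason to look more closely at a message that claims to come from a company.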
Hope it helps you…. 🙂