Phishing is a form of electronic communication that masquerades as coming from a trustworthy entity. Its goal is to obtain sensitive information such as passwords or credit card details. It is a psychological attack that criminals use to trick you. In the beginning they used email to do so, but it has since evolved into message-based attacks as well (e.g. instant messaging or social media posts).
Before they spread the attack, the criminals have already prepared a system to receive responses from victims. They craft a convincing-looking message with “good” grammar, as if a reputable company were writing to its customers. Then they send it to millions of people around the world. They do not actually know who will fall victim; they simply wait for whoever clicks a malicious link, opens an infected attachment, or replies.
There is another kind of phishing: spear phishing. It is the same as phishing, except that instead of sending to random recipients, the criminals send it to selected recipients. In this case they have researched the people they are targeting. If you want to know more about spear phishing, you can read about this incident (0xHACKED: Brown University Accounts Distributing Phishing Emails) that happened recently.
Let’s say you have been targeted. Perhaps you wonder where they got your email address. The answer is very simple: it can come from social media such as Facebook, Twitter, Instagram, LinkedIn, etc., or from somewhere you posted it online, such as a public blog or forum. Be aware that they have tools to crawl for this kind of information. In cyber security we call such a tool an email scavenger: a type of web crawler that searches the Internet and collects every email address it finds posted on web pages.
Now, the big question is how to stop it. Only YOU can do that. These are the phishing indicators to check:
Is the email sent by someone you do not know or do not work with?
Check the “From”, “To” and “CC” addresses. Are they personal accounts on a public email service (e.g. @gmail.com, @yahoo.com, etc.)?
Check the greeting. Is it addressed to you, or does it say “Dear Customer”? If a trusted organization needs to contact you, it should know your name, right?
Be suspicious of grammar or spelling mistakes.
Be suspicious of any email that demands immediate action.
If you do not know the sender, DO NOT OPEN its attachment(s) and DO NOT CLICK any link(s). For hyperlinks, hover your mouse over the link and you will see its real destination.
Be suspicious of any message that sounds too good to be true. Remember: there is no free lunch.
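As an added example (not part of the original post), here is the checklist above turned into a small Python script that runs those checks over a raw email: public webmail sender, generic greeting, urgency wording, and the “hover over the link” test (does the visible link text name a different host than the real href?). The sample message is constructed, and the word lists and example.* domains are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Heuristics taken from the checklist above; the word lists are illustrative, not exhaustive.
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|member|client|account holder)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent(ly)?|within 24 hours|suspended|verify now)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG = re.compile(r"<[^>]+>")

def sender_domain(msg):
    # Domain of the first From: address, or '' if the header is missing.
    header = msg["From"]
    if header is None or not header.addresses:
        return ""
    return header.addresses[0].addr_spec.rsplit("@", 1)[-1].lower()

def phishing_indicators(raw_message):
    # Return the checklist items that a raw RFC 5322 message trips.
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    if sender_domain(msg) in PUBLIC_WEBMAIL:
        hits.append("sender uses a personal account on a public email service")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    text = TAG.sub(" ", html)  # what the recipient actually reads
    if GENERIC_GREETING.search(text):
        hits.append("generic greeting instead of your name")
    if URGENCY.search(text):
        hits.append("demands immediate action")
    # The "hover over the link" check: visible text names one host, the href points to another.
    for href, label in ANCHOR.findall(html):
        real_host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([^/\s<]+)", TAG.sub("", label))
        if shown and shown.group(1).lower() != real_host:
            hits.append(f"link text shows {shown.group(1)} but points to {real_host}")
    return hits

# Constructed sample message (hypothetical hosts from the reserved example.* space).
SAMPLE = """\
From: Bank Support <bank-support@gmail.com>
To: victim@example.org
Subject: Account suspended
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your account has been suspended. Verify your details immediately.</p>
<p><a href="http://login.example.net/verify">https://www.example-bank.com/login</a></p>
</body></html>
"""
```

Running phishing_indicators(SAMPLE) returns all four findings for the sample; a plain message from a colleague with a personal greeting and no links returns an empty list.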
Hope it helps. 🙂