How Phishing Works

What is phishing?

Phishing is a type of online scam in which a targeted individual is contacted by email or telephone by someone who appears to represent a legitimate institution and who asks for sensitive information. These messages usually redirect you to a fake website or otherwise get you to divulge private information. Legally, phishing is a cyber crime in which phishers create an imitation of a company's website to cheat users into providing sensitive information.

How does phishing work?

Phishers do so by sending e-mails that are designed to collect an individual's sensitive information. To make phishing messages look as if they genuinely come from a well-known company, they include company logos and other identifying information taken directly from the real company's website. The victim receives an e-mail that appears to have been sent by a known contact or organization. The fake e-mail conveniently includes a link you can click on to resolve a problem that you are told you need to fix. These e-mails are clever fakes, and the information you provide goes straight to the crooks behind the scam. Because the e-mails look as if they come from legitimate companies, victims trust them and enter their personal information.

Normally, phishers target the customers of banks and online payment services. For instance, scammers send emails that direct the user to visit a website where they are asked to update personal information, such as a password or credit card, social security, or bank account numbers. These emails lure victims to fake websites that look similar to the real sites of the company being impersonated. Phishing is a continual threat, and the risk is even larger on social media such as Facebook and Twitter. Hackers could create a clone of a website and tell you to enter personal information, which is then emailed to them.

How Can I Identify a Phishing Email?

Generic greetings

Most major companies that correspond through email (eBay, PayPal, Amazon, etc.) have learned to start legitimate emails by greeting you with your name or some kind of identifying information. Phishing emails often include generic greetings, such as “Hello Customer”, rather than using the recipient’s actual name. This is an obvious tell for phishing attacks that are launched in bulk, whereas spear phishing attacks will typically be personalized.

Billing Problem

This phishing tactic is very tricky because it appears quite legitimate. The sender states that an item you purchased online cannot be shipped to you because your credit card has expired (or the billing address is incorrect, etc.). If you click on the provided link, it takes you to a fake website that asks for updated payment or shipping information.

Problem with your membership

The typical message looks like this: “We recently failed to validate the payment information we hold on record for your account, therefore we need to ask you to complete a brief validation process in order to verify your billing and payment details. Click here to verify your account. Failure to complete the validation process will result in a suspension of your membership.”

Urgent response

These types of phishing emails attempt to create a sense of urgency, leading recipients to fear that their account is in jeopardy or they will lose access to important information if they don't act immediately.

Suspicious Warnings

This type of email states that your computer has been infected with a malicious virus. In order to avoid losing your data and infecting your computer, the email instructs you to follow the provided link or download the “anti-virus” attachment.

Contest Winner

Unexpected prize and lottery scams work by asking you to pay some sort of fee in order to claim your prize or winnings from a competition or lottery you never entered. These are absolutely bogus. To claim your prize, the email requires you to click a link and enter your information for prize shipment.

Bank Message

Within a phishing email, you may be requested to click on a link that takes you to a fraudulent site or pop-up window where you are asked to submit personal and financial information. The message tricks you with a fake account notification stating that an amount has been withdrawn from your account that exceeds your notification limit. If you have any questions about this withdrawal (which you probably would), it gives you a convenient link that leads to a web form asking for your bank account number “for verification purposes.”
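
The indicators listed above can be turned into a simple triage check for a reported message. The following Python sketch is an added example, not part of the original article; the indicator names follow the headings above, while the phrase patterns, the sample message and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# Indicator names follow the headings above; the phrase patterns are
# assumptions made for this example, not a vetted rule set.
INDICATORS = {
    "generic_greeting": r"\b(hello|dear)\s+(valued\s+)?(customer|member|user|client)\b",
    "billing_problem": r"\b(credit card|billing address)\b.{0,60}\b(expired|incorrect|declined)\b",
    "membership_validation": r"\b(validate|verify)\b.{0,40}\b(payment|billing|account)\b",
    "urgency": r"\b(immediately|urgent|within \d+ hours|suspension|suspended)\b",
    "virus_warning": r"\b(infected|virus)\b",
    "contest_winner": r"\b(you (have )?won|prize|lottery|winnings)\b",
    "bank_withdrawal": r"\b(withdrawn|withdrawal)\b.{0,60}\baccount\b",
}
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (example.test is a reserved test domain).
SAMPLE = """\
From: "Account Team" <billing@example.test>
Subject: Action required
Content-Type: text/plain; charset=utf-8

Hello Customer,

We recently failed to validate your payment information. Click here to verify
your account: http://example.test/verify . Failure to complete the validation
process will result in a suspension of your membership.
"""

def body_text(msg):
    """Decode every text/plain and text/html part into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks)

def triage(raw_message):
    """Return the sorted names of the indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    # Strip HTML tags and collapse whitespace so phrases match across line breaks.
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", body))
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, text, re.I)]
    if LINK.search(body):
        hits.append("contains_link")
    if any(part.get_filename() for part in msg.walk()):
        hits.append("has_attachment")
    return sorted(hits)
```

Calling triage(SAMPLE) flags the generic greeting, the validation request, the suspension threat and the link. A hit list like this is a prompt for closer review, not proof that a message is phishing.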

How to prevent & report phishing attacks

If you receive an email whose content shows the features above:

You can report the phishing attempt to the company that is being spoofed.

Don't click on any links, open attachments, or expand any included pictures.

Don't try to reply to the sender.

Delete the email from your computer.