After a bit of looking around, I managed to find some of the most frequently asked questions about phishing. Let’s see if we can’t clue some people in.
What does phishing mean?
By definition, it means: ‘the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.’ So: people pretending to be big companies (companies that you trust) send you emails that look safe, hoping you’ll open one and click on a link that hands them some of your data. It’s social engineering and, without the proper awareness, it can be a genuine threat.
How does phishing work?
Let’s get into how these phishing emails work (yes, I am calling the perpetrators of these attacks ‘phishermen’):
- First, they have to decide who to target and map out how to get the mailing list of that company.
- Once they’ve figured out who to attack, they then come up with a way to get the customers’ (or the employees’) information. (This is usually done with a web page.)
- They send out the email that appears to be official and trustworthy.
- Information is collated when victims fill out forms on the web page.
Why does phishing work?
Phishing can work for numerous reasons:
- Lack of knowledge is a good starting point. If you’re bad with computers or burdened with a lack of knowledge on cybersecurity, it can be easy to fall for one of these attacks, as you may be a little naïve about the whole thing, not knowing that bad people exist on here too.
- Another reason could be that the emails have been crafted to look official and so you immediately trust them. This is the main reason they’re disguised this way, so you don’t think twice about clicking on that link.
- The third may be more applicable if you’ve been around the block a few times. You’ve grown up with the internet, you’ve been on it for a good number of years — maybe thirteen or fourteen — so you consider yourself kind of a pro. You know what you’re doing, so why would you bother with the security indicators? You know the internet like the back of your hand, so there’s no need to look for them. Listen, security indicators are your friend, and they’re there to help you.
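The security indicator this post keeps coming back to is where a link really goes versus where it says it goes. As an added example (not code from the original post), here is a small Python checker that parses an HTML email body and flags the link mismatches phishing relies on; the bank domain, the constructed sample email and the helper names are my own assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
class _Links(HTMLParser):
    # Collects (href, visible text) pairs from the <a> tags of an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    # Lowercased hostname minus any leading "www.", so display text compares fairly
    h = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def link_findings(html_body, trusted_domains):
    """Map each suspicious href to the reasons a reader should distrust it."""
    parser = _Links()
    parser.feed(html_body)
    findings = {}
    for href, text in parser.links:
        host, reasons = _host(href), []
        # Visible text that looks like a URL but names a different domain
        shown = _host(text) if "." in text and " " not in text else ""
        if shown and shown != host and not host.endswith("." + shown):
            reasons.append("shown as %s but goes to %s" % (shown, host))
        if host.replace(".", "").isdigit():  # IPv4 literal instead of a name
            reasons.append("target is a bare IP address, not a company domain")
        # Trusted name used as a subdomain or prefix of an unrelated domain
        for brand in trusted_domains:
            if brand in host and host != brand and not host.endswith("." + brand):
                reasons.append("%s embedded in %s" % (brand, host))
        if reasons:
            findings[href] = reasons
    return findings
# Constructed sample body (not a real message); only the "Help centre" link is genuine
SAMPLE_EMAIL = ('<p>Your account has been limited.</p><a href="http://example-bank.com.login-check.example/verify">'
    'https://www.example-bank.com/security</a> <a href="http://203.0.113.7/update">Update now</a> <a href="https://www.example-bank.com/help">Help centre</a>')
```

Call `link_findings(SAMPLE_EMAIL, ["example-bank.com"])` to see the two fake links reported and the genuine one left alone.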
If you’re still interested in this, read this paper by Rachna Dhamija, J. D. Tygar and Marti Hearst, here.
Where do I report phishing scams?
If you’ve found a particularly fishy email and want to report it to the NCSC, forward it to [email protected] After that? Block the sender. And if you think your information could have been taken? Go here for help and more info on what to do next.