Phishing


Phishing is a social engineering technique meant to deceive a user by tricking them into revealing their personal information (usernames, passwords, account #’s, etc) to malicious “black hat” hackers, through fake e-mails, blogs, forum links, or attachments from reputable businesses.  Since phishing scams have an instantaneous effect on a user, they allow the hackers to obtain the information quickly and easily (no middle man required).  Users who are not up-to-date with the latest update for their anti-virus, operating system, internet browser, or application programs (Acrobat Reader, Adobe Flash, etc.) are more vulnerable to phishing attacks.  The lack of security measures on the internet allows black hat hackers to amass a broad spectrum of phishing victims.  These hackers can copy icons, graphics, and wording from legitimate websites to their false websites, and easily create new websites that suite their needs in a matter of minutes.

Social engineering techniques have been around for many years and phishing scams have made it even ten times easier to obtain personal identifiers. Phishing involves a “black hat” hacker creating a fake website or link that resembles the genuine website. The goal is to modify the original website enough, so a user has trouble distinguishing the counterfeit one from the original. This is meant to confuse users into submitting their personnel information onto the counterfeit site. Many users fall for this phishing scam because typical users do not examine everything on the websites they visit; users tend to glance over items and not pay attention to what website they are actually at. Other tactics used by “black hat” hackers include, copying images from a legitimate website, copying wording formats (in a letter), using the same apparent links (which have been edited to move a user to a corrupt website), etc. The fastest and easiest delivery method used by “black hat” hackers is e-mail. Email guarantees accurate, quick results, and most users trust email from their financial institutions or retailers when they are requested additional information.  
To prevent phishing attacks, users must update their anti-virus software, operating systems, internet browsers, application programs, as well as turn on a personal firewall, scan all messages received (e-mail, blog, attachment) for spelling and grammar errors (which can be indicative of a problem), and double check new or different logos.  Also, call the business to inquire if they contact a customer by e-mail to discuss your account; the majority of businesses do not contact customers by e-mail.  Using common sense is the most important thing a user can do, because if it appears to be too good to be true it usually is. Also, if the e-mail is believed to be counterfeit, contact the financial institution or retailer directly and ask them if they sent any notifications out recently.  If the institution has not sent out any notifications recently, report it to the person responsible for working with phishing scams, block the sender of the e-mail and delete it from your inbox immediately.
“Black hat” hackers know the Internet will never be 100% secure and preying on users is an easy way to make quick money from selling someone’s personal information.  This is why users must always use common sense when reading e-mails from their financial institutions or retailers; look for some of the clues mentioned above for a counterfeit e-mail, and always be wary of e-mails asking for personal identifiers.
Visit OnGuard Online for an example phishing video