What is Phishing?
‘Phishing’ refers to emails that trick people into giving out their personal and banking information; they can also be sent by SMS. These messages seem to come from legitimate businesses, normally banks or other financial institutions or telecommunications providers. The scammers are generally trying to get information like your bank account numbers, passwords and credit card numbers, which they will then use to steal your money.
Phishing emails often look genuine and use what look to be genuine internet addresses—in fact, they often copy an institution’s logo and message format, which is very easy to do. It is also common for phishing messages to contain links to websites that are convincing fakes of real companies’ home pages.
What is spear phishing?
Phishing attempts directed at specific individuals, companies and universities have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.
Attackers will mine social media sites such as LinkedIn or Facebook and personalize or impersonate users so that the spear phishing email is extremely accurate and compelling. Once a link is clicked or an attachment is opened, the door to the network is established, allowing the attacker to move forward with the advanced targeted attack.
How to deal with the phishing scams
- Delete email and text messages that ask you to confirm or provide personal information. Legitimate companies don’t ask for this information via email or text.
- Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites.
- If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
- Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a “refund.” But a local area code doesn’t guarantee that the caller is local.