Users who fall victim to a phishing scam may find their lives upended. When a hacker succeeds after targeting a “phish”, the results could be severe. Bank, credit card, money transfer, social media, and even medical accounts may end up compromised.
The phishing scam concept is not complex. Typically, it tricks people into providing sensitive information by clicking on a deceptive link. So, what does the scam involve?
Simple, but effective
The scam commonly involves receiving an email claiming to be from a place where the recipient has an account, such as a financial institution. The email may suggest that a problem exists with the account, and that the user must take immediate action, such as changing the current password.
The email usually contains a link to a fake website that may be very similar to, if not indistinguishable from, the real website. Once on the site, the user attempts to log in to their account, and the fake site captures their credentials.
Emails aren’t the only source of these social engineering scams. Smishing (SMS phishing) targets people through text messages on their smartphones. As new forms of communication develop, expect to see new spins on traditional phish-seeking activities.
The Early Origins of Phishing: America Online
The term comes from an obvious play on the word “fishing,” as angling to catch a fish involves using bait or a lure to hook one. With a phishing email, a warning often serves as the means of “hooking” the intended recipient. The “ph” spelling switch comes from phreaking, a telephone hacking technique popular in the 1960s and 1970s.
The technique was first described in a presentation to the International HP Users Group in 1987. The mid-90s saw the word coined by the hacker community, and America Online users were a popular target. The problem became so widespread that the warning, “no one working at AOL will ask for your password or billing information” was added to all instant messages on the service.
Avoiding the Hook
Several signs might indicate that an email or text is fraudulent. Misspellings and poor sentence structure are frequent giveaways. A sender address that differs from the expected one is also a red flag. Some senders have also been known to use script spoofing, in which lookalike characters replace the expected ones in the spelling of the email address or link. If there is any doubt, look up and contact the company’s customer service department to see if the email is legitimate.
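The script-spoofing sign described above can also be checked mechanically. The following Python sketch is an added example, not part of the original article: it flags host labels in an email address or link that mix scripts or use a non-Latin script. It assumes the first word of a character's Unicode name is a good enough stand-in for its script, and all addresses in it are constructed samples.

```python
import unicodedata
from urllib.parse import urlsplit

def host_of(value):
    """Return the host part of a URL or an email address, lowercased."""
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1].lower()

def label_scripts(label):
    """Return the set of scripts used by the letters in one DNS label."""
    if label.startswith("xn--"):
        # Punycode hides non-ASCII letters; decode before inspecting.
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return {"INVALID-PUNYCODE"}
    # Assumption: the first word of the Unicode character name stands in for
    # the script (LATIN, CYRILLIC, GREEK, ...); digits and hyphens are skipped.
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def check_address(value):
    """Return (label, reason) pairs for host labels that deserve a closer look."""
    findings = []
    for label in host_of(value).split("."):
        scripts = label_scripts(label)
        names = ", ".join(sorted(scripts))
        if len(scripts) > 1:
            findings.append((label, "mixed scripts: " + names))
        elif scripts and scripts != {"LATIN"}:
            # Legitimate internationalized names exist, so this is a prompt
            # to verify the sender, not proof of fraud.
            findings.append((label, "non-Latin script: " + names))
    return findings

if __name__ == "__main__":
    # Constructed samples: U+0430 is CYRILLIC SMALL LETTER A, which renders like "a".
    samples = [
        "support@bank.example",
        "support@b\u0430nk.example",
        "https://xn--" + "b\u0430nk".encode("punycode").decode("ascii") + ".example/login",
    ]
    for s in samples:
        print(ascii(s), check_address(s))
```

A finding here is a reason to verify the sender through a known-good channel; an empty result does not by itself mean the message is legitimate.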
Staying aware of new trends in phishing scams and remaining vigilant is key to “avoiding the hook”. Contact us today to learn more about our security training and email security solutions.