A beginner’s guide to phishing

Nov. 20, 2018

1. What are phishing scams?

According to Phishing.org, Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.

 2. What are the four most Common Types of Phishing scams?

  1. Deceptive Phishing is where fraudsters create a fake login page, send out mass emails asking victims to verify an account, steal their details and access their bank accounts.
  2. Spear Phishing - Fraudsters scam victims using a customized message crafted to a targeted person in an organization to gain trust so that victims will submit their personal data without hesitation.
  3. Pharming - Fraudsters hijack victim website domain name and redirect visitors to other malicious websites by confusing the visitors. Victims will then be scammed on the malicious website, which looks almost 100% same with the real website.
  4. Google Docs - An invitation is sent by fraudsters to ask the victims to view documents on some convincing landing page, for example, Google Docs. Attackers can then gain access to your Gmail account.

3. What are some other interesting facts about phishing?

30% of phishing messages are opened by targeted users and 12% of those users click on the malicious attachment or link, notes Verizon Data Breach Investigations Report. The problem is growing - nearly 1.5 million new phishing sites are created each month. According to SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing. Fake invoice messages are the number one type of phishing used to lure users in, says the Internet Security Threat Report. For those of you who are Apple users, Apple IDs are the #1 target for credential theft emails.

Want to build your digital security skills and protect yourself online? Sign up to Security First’s free courses on Advocacy Assembly to learn more about how to stay safe online and avoid malware and phishing attacks.