One of the most common kinds of cyberattacks we encounter today is “phishing.” This word swims around in business meetings and in the media. Everyone tells us to avoid phishing scams, but what do they actually look like?

For a bit of background – the term “phishers” originally comes from a combination of “phreakers” (the word first used to describe hackers) and “fishing” (as in, fishing for information). Phishing has been around since AOL dominated the internet, and the definition of a “phisher” is fairly broad. Some phishers are harmless internet trolls, and others are professionals trying to snatch up and sell personal information. The key takeaway: phishers are never trying to help you.

Just as not all phishers are the same, not all phishing scams are the same either.

Some scams, like the example below, cut right to the chase and immediately prompt you to send back confidential information. As you can see in this example (which is based on a real scam that circulated), the person, company, and contact information look “professional” in an attempt to trick you.

Subject: Mailbox Quota Exceeded
From: Legitimate Sounding Company
To: You

Dear customer:

You have exceeded the limit of your mailbox set by your Web service, and you will be having problems in sending and receiving mail. You may lose all your information when your account is disabled. To prevent this please send over your username and password so that your account can be activated.

Full Name:
Email ID:
Email Password:
Confirm Password:
Date of Birth:

Regards,
Real Sounding Person

Other common phishing scams prompt you to click a link which gives the phishers more access to your information. The example below is a modification of another real phishing scam:

Subject: Suspicious activities
From: Legitimate Sounding Company
To: You

Hi there,

Our technical support and customer department has recently suspected activities in your account. Therefore we have decided to temporarily suspend your account until investigating your recent activities. Such things can happen if you clicked a suspicious link on social media or gave your password to someone else. Please help us recover your account by following the link below:

LET’S GET GOING

Thanks,
Real Sounding Person
Legitimate Sounding Company

The email is crafted to look important and real. Once you click “LET’S GET GOING,” you will be led to a fraudulent site, where the phisher can capture your login name, password, and computer information. Oftentimes, you may even be brought to a site that will download malicious programs onto your computer. Some of these programs will pepper your computer with an abundance of ads, others will skim all your passwords (like those stored in your browser), and some will even track every keystroke and move of the mouse. This gives the phishers access to your username, passwords, website traffic, shopping sites, and more.

There are many other phishing scams, and phishing often comes in the form of phone calls aimed at gaining information or directing you to download a malicious file.

Ways you can protect yourself:
  1. If you didn’t expect it, don’t believe it! If someone sends you something you didn’t expect, contact them by a means you know to be legitimate (call or go to an office).
  2. Don’t be afraid to delete it. A great practice is to simply delete emails (or voicemails) if you don’t know the source.
  3. Beware of the urgency! Phishers try to get you to jump into action and appeal to your sympathy. If an unusual, unexpected email sounds very pressing, pause and think before acting.
  4. When in doubt, consult a professional. Cyber-security is a growing industry that wants the public to avoid these scams. Banks, telecommunication companies, internet service providers and other local resources are available—reach out for a professional second opinion.

Phishing scams will only persist if we continue to fall for their tricks. Your best defense is to be cautious, spot the scam in advance, and delete anything that looks phishy!