Going Phishing: Avoiding The Hook
What is phishing, you ask? Phishing is a type of cyber-crime where a victim receives an email that is designed to look legitimate in order to fool the victim into either clicking a malicious URL or opening a malicious attachment. The main goal of the email is usually to install a Trojan or a virus onto your computer or to get you to divulge private information (e.g., passwords, credit cards, bank account information, or other accounts). Once the criminal has your private information, he/she then uses it to steal your money, your identity, your access to other accounts, and other valuable data. The process goes something like this:
1. Victim receives a phishing email and clicks on a malicious URL.
2. The URL takes you to a malicious website where a Trojan, named after the fabled Trojan horse of Troy, is secretly downloaded.
3. The Trojan then releases and allows the installation of a rootkit (a program that gives the attacker control of your computer without your knowledge; Poison Ivy is the name of one such program), a virus, a worm, or other malware.
4. Once infected, a secret channel is created to communicate with the attacker and give him/her access to your computer through the internet without your knowledge.
5. The attacker can then act as you on other networks and accounts, steal personal data from you, email other victims from your email, or do anything else you can do.
So as you can see, phishing can be very serious, because it is often the first step in a much larger crime. Now that you’re aware of the problem, you may be asking yourself what you can do to protect yourself. To answer that question, here are some tips to remember when reading your email.
1. Be suspicious of any email that asks you to open something, click on something, or provide personal or company information.
2. Does the email seem out of character for the sender?
3. Is the email addressed properly?
4. When you hover your mouse over the URL or convert your email to plain text, is the URL the correct URL, or does it not match what it is reported to be?
This is good advice. I learned the hard way what happens when you ignore your gut feelings. I lost everything when I clicked to open an official-looking document that said urgent reply from the FBI. I knew I hadn't sent phoned the FBI, and that they didn't contact people via email, but curiosity killed the cat, as they say. I clicked on the blue link and my computer went black. Since that time, I have put safeguards on my email and I am red-flagged when suspicious email is sent.
Thanks, Brad. Great input and a reminder to only click on URLs from known sources. This can absolutely ruin your day!