What Is Phishing?
Phishing is defined as “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”
Why is it called Phishing?
That’s a pretty easy one, really: The act of stealing someone’s credentials is sort of like fishing in water. There’s a group of targets, bait that is known to be of interest to them and a pretty good chance of at least catching something, even if it’s not the original meal you were after. Fishermen adjust the bait and tackle they use depending on the situation. They don’t use the same tactics at a farm pond and for deep sea fishing. Similarly, cybercriminals typically use different bait and exploits depending on what they’re after. They might be looking for login credentials, credit card numbers or medical information.
How phishing works
In past decades, most attacks were carried out by hobbyists and malcontents trying to see what they could get away with. They mostly wanted to prove they could actually perform an exploit — for bragging rights, if you will. Today, we’re dealing with professional bad guys who work 9 a.m. to 5 p.m. with the primary goal of separating you from your information, and often your money. The value of whatever they’re after will determine just how serious they are and how much effort they put into catching you up in their nets.
The typical phishing attack aims to steal credentials that can be used to log in to other sites. In other words, they want your bank site logins, your investment account ID and password, even your game site ID if that game has something that can be traded for real cash.
How to prevent phishing
Don’t click on every link you see in an email. If a bank sends you a notice to respond by clicking on something, don’t do it. Type the bank site name into your browser and control how you get to the site. Then examine the page to see if there is really a message on which you need to act.
Don’t reuse passwords! This is a biggie. If you happen to get phished through one site, don’t make it easy for them to use that ID and the password all over the world. Be suspicious; if someone you know sends you an email asking for help or money, contact them in another way to verify.
Unfortunately, the big takeaway here is that bad guys are, in fact, out to get you. It’s typically nothing personal — you’re just one email address in a list of millions of users.
To help prevent phishing messages from reaching end users, experts recommend layering security controls, including:
- Antivirus software
- Both desktop and network firewalls
- Antispyware software
- Anti-phishing toolbar (installed in web browsers)
- Gateway email filter
- Web security gateway
The only way to protect your company against targeted attacks is a combination of smart software and top human talent. Powerful detection and response solutions are a great way to make sure your organization is well equipped to face an attack.