phish – verb “to try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.” ~ from dictionary.com
In the connected world that we live in today, the good that the internet provides is countered by all of the bad that exists on its web pages. For every good use of the internet, there are at least two bad ones.
Over the next three days, we are going to take a hard, in-depth look at one risk of using the internet — phishing attacks.
In today’s post, we’re going to get into the nuts and bolts of what a phishing attack is. The definition you see at the top of this post certainly does cover a lot of detail, but let’s expand on that just a bit, shall we?
As the definition mentions, a phishing attack is an attempt by an unknown party to trick you into providing personal information on a website that looks like a legitimate company website, but in actuality is not legitimate at all. The attacker’s purpose is to collect sensitive data — such as your social security number, bank account information, login usernames and passwords, and so on — so that they can use that information to secure financial resources without you knowing about it. This is one of the primary ways that identity theft occurs.
In the email posted above, you see a poor attempt at a phishing attack. The email, reportedly from “Citibank Customer Service”, claims that your Citi account has been locked. The sender says that if you did not trigger this lockout, you should click the link and follow the instructions. What makes this a poor example is that the link itself plainly shows that clicking it will take you to a website in the comcast.net domain, not to citibank.net.
Often, a link like that would show the domain for Citibank in the text, making you think it is legitimate, but in reality the link would take you to a different domain and website entirely. For example, the link in this sentence to “click here” takes you to the Tech Solutions NC website, even though the text for the link does not list the name of the website. Fortunately, though, most browsers today will show you what website a link will take you to when you hover your mouse over the link (without clicking it). You can see an example of that in the image below.
- A phishing attack is an attempt by an unknown attacker to trick you into going to a website that you think is legitimate, but has actually been faked in order to get you to enter personal information so it can be compromised.
- Most phishing attacks occur in emails that you receive.
- Often, there are clues you can see in the email that tell you that the email is not legitimate.
- The purpose of phishing attacks is to steal your identity so that the attacker can profit from it.
Tomorrow, we’re going to explore in more detail how you detect them. Stop back by tomorrow, and thanks for checking in!