Every day we received dozens of emails from coworkers, friends, family and various businesses: clothes stores, restaurants, delivery services, subscription services and others. But did you know that some of these seemingly innocent emails can be sent by hackers who are trying to obtain your information and use it for their personal gain? In this article, we will tell you everything you need to know about phishing attacks.
What is a phishing attack? Phishing attack example
Imagine that one day you receive an email from a senior person at the company you work for. This email contains some instructions for you or asks you to provide certain information, this often includes your login credentials among other things. Once you hand this information over, the hacker has succeeded and now they can do damage to the company.
Or you may receive a shipping confirmation email from an online store you shop at regularly. This email has a link to your account, you click the link without paying close attention to the address or the appearance of the page that opens up, enter your login information and game over again – the hacker’s got your information for the real site!
Is phishing illegal in the United States?
Yes, phishing activity is illegal in all states in the US, although the exact specifics vary between different jurisdictions. It is also illegal in the European Union, Australia and most other countries.
Types of phishing attacks
While the goal of all phishing attacks is to get access to your private information or get you to download malicious software, phishing scams vary greatly and can be categorized into several types:
This refers to all phishing attacks that are done by phone. You may get a text message or a phone call asking you to confirm a credit card transaction using your PIN, to call or text back with account details like your password to confirm your identity and prevent your card from getting blocked, or any other kind of message that asks for personal or sensitive information.
Unlike random phishing attacks, spear phishing hackers do their research in advance and use the information they’ve discovered to trick you. For instance, they might pose as your boss, your contact at the back or one of your vendors or clients to get access to your company credentials and log in information.
In this case, hackers pose as your boss or CEO of the company and send you an email requesting urgent help. They can instruct you to transfer money to a provided “contractor’s” account or perform similar actions.
How to identify phishing emails?
Since many phishing emails create a sense of urgency in their communications, treat all urgent emails with suspicion. Next, check the email address if you get an unusual email from your superior, especially if it asks you to transfer money or hand over information. It is also a good idea to take the time to double-check the request in person. Finally, don’t open any emails you haven’t requested and don’t follow any links in those emails. If you do, pay attention to the website address, as often times it is misspelled and you are not at the actual official website of the company.