What Is Phishing?

“Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.” (phishing.org) Phishing is among the most common cybercrimes because it relies on little to no technical skill. As long as the attacker can make contact with their target they have the opportunity to extract information that may be valuable to them. While a simple phone call, text message, or email could work, online phishing attacks have grown increasingly sophisticated. Attackers will go to great lengths to mimic a credible institution in order to gain your confidence. Many of these efforts can be caught by your email’s spam filter. But truly resilient attackers will constantly adapt to get a chance at our attention. Phishing is typically a multistage process. Sometimes just receiving access to your accounts will provide enough opportunity to finish their mission. But oftentimes there will be multiple stages to reach the ultimate goal, your money.

Who’s At Risk?

Technically anyone. When it comes to identity theft, anyone and everyone can be a target. When it comes to corporate phishing, executives and directors are the most common target. One of the most common phishing attacks is to gain access to a leader’s email account and then send fake emails requesting that employees make urgent purchases or send payment immediately.

How To Recognize Phishing?

Look for grammatical errors and discrepancies. Since many phishing scams are multi-stage, attackers want to identify good targets quickly. If the attacker can get away with inaccuracies early on it’s more probable that they’ll be able to do so later when the stakes get higher. Look for slightly off email domains. Attackers may use similar domains like @netfIix.com instead of @netflix.com (Still trying to figure out the difference between the two? The first one has a capital “I” instead of a lowercase “l”)

What To Do About Phishing?

If it seems suspicious, avoid it. If you feel compelled to respond pick up the phone and make a call to get further information. Vigilance is a daily responsibility. To learn more about Phishing check out the Federal Trade Commission.  If you have more questions contact your IT department or provider to learn more about your specific protections.