What is phishing? Here's what you should know about the virtual scamming technique and how to protect yourself from data theft

Nov 12, 2020, 23:03 IST
Business Insider
Phishing ploys and attacks can happen to anyone with an email account. (Image: seksan Mongkhonkhamsao/Getty Images)
  • Phishing is a form of cybercrime wherein you receive an email from a fake sender pretending to be someone else.
  • The goal of phishing emails is usually to get you to give up personal or sensitive information.
  • Phishing is easy to detect if you keep an eye out for bad spelling and grammar, email addresses that don't match the alleged sender, and requests for information you shouldn't provide over email.
  • You should never respond to a phishing email and, instead, delete the message or follow your company's policy for reporting it.

Phishing is a cybercrime in which criminals masquerade as someone else, like a legitimate business, to get victims to surrender personal and sensitive information voluntarily.

A common kind of phishing email is when you receive a message in your inbox that appears to come from your bank. As part of some alleged security check, the message requests that you reply with your login information. That can include info like your username and password.

If you respond to this email with the requested information, you may have just given criminals unrestricted access to your bank account.

What is phishing?

The term "phishing" is a variation of the word "fishing." It is meant to symbolize that in most cases, cybercriminals cast a wide net, attacking a vast number of users at once, hoping that a few will take the bait.

A clumsy attempt at a phishing attack. (Image: Dave Johnson/Business Insider)

There are several common variations of the basic phishing attack. A "spear-phishing" attack, for example, is one that's more targeted. In some cases, spear-phishing targets users known to use a specific bank, website, or online service.


Criminals conducting a generic phishing attack may know nothing about you, which is why you may occasionally get an email asking you to reset your password for a bank or online service you don't even use. But in spear phishing, criminals might have hacked a list of users for a common website and email those users asking them to give up sensitive information.

Likewise, spear phishing can be ultra-targeted at specific individuals, with custom emails that appear to come from co-workers, clients, or vendors to persuade you to give up passwords, account credentials, or other sensitive information.

You may also see other phishing-related terms, such as smishing (phishing that uses SMS text messages) and vishing (phishing that relies at least in part on voice phone calls). They all have the same goal: to persuade you that the communication is a routine request for sensitive information.

Common phishing ploys

There are countless common phishing attacks. Criminals are always trying new variations, so there is no single shortlist of phishing ploys to be on the lookout for. Even so, these are the kinds of phishing emails you will commonly see.

Winning a lottery or sweepstakes

You receive an email advising you that you've won a large cash award, usually in the form of sweepstakes. If you respond, you'll often find you need to give your bank account information to receive the deposit.


Assist someone dispensing a large bounty of money

This is the classic "Nigerian prince" scam, and there are a thousand variations in circulation today. The premise: Someone has a large sum of money that they will share with you if you can help transfer it to the United States or disperse it to charity. There is no money, but the criminals will take your money if you give them the requested information.

Security check for your bank account

You receive an email purporting to come from your bank requesting that you respond with your login information, account number, passwords, or other sensitive information.

You need to check on a charge or shipment or reset your password

In many cases, you won't be asked to reply with your account information. Instead, you might need to click a link in the email to open the website in question, where you need to log in and check on something.

The scam here is that the link takes you to an illegitimate clone of the website. If you enter your credentials, the criminals have captured your information.

How to detect a phishing attack

With a little diligence, it's easy to detect and avoid virtually all phishing attacks. Most phishing emails are relatively unsophisticated, aimed at ensnaring naive users who are new to the internet or who aren't aware of the risk of phishing attacks – or just very busy people who don't carefully review all their email. Here are the main things to look for.


Poor spelling and grammar

This might seem obvious, but it's the number one way to spot illegitimate emails. Many phishing emails are created by non-English speakers who miss nuances in English grammar. If an email claims to come from a major bank or retailer and includes obvious errors, beware.

The email address doesn't match the name

If your email claims to come from Netflix, but the actual email address does not end in "netflix.com," it's almost certainly a phishing attack. Look in the "From" line of the email client. It should say "Netflix <info@mailer.netflix.com>," not "Netflix <gdgeert@criminal_organization.remailer.com>."

Make sure the sender and email address match. (Image: Dave Johnson/Business Insider)

Make sure the link goes where it claims — without clicking it

If you are preparing to click a link in an email, keep in mind that the link might take you somewhere different than the text in the link implies. Hover over the link without clicking it and see where it's going. If the domain is different than you expect, it's probably taking you to an illegitimate site.

Even better advice: Avoid clicking links in emails entirely. If your bank sends you an email claiming you have an important message waiting, open a web browser, and navigate there yourself. That way, you can safely find out if the message is real.

Use the hover text to see where a link will take you to ensure it's going to the domain you expect. (Image: Dave Johnson/Business Insider)
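The two checks described in the last two sections, the "From" display name against the domain of the actual address, and a link's visible text against the domain its href really points to, as an added Python example that is not part of the original article. The brand table and the sample message are constructed for the illustration (the sender address reuses the article's own example), and the two-label domain comparison is a simplification assumed here.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the sender address is the article's own illustrative one.
SAMPLE = """From: Netflix <gdgeert@criminal_organization.remailer.com>
Content-Type: text/html

<p>Please <a href="http://login.netflix-verify.example/">update your payment at www.netflix.com</a>.</p>
"""
# Brand a display name may claim -> domain its address should really use (assumed table).
KNOWN_BRANDS = {"netflix": "netflix.com"}

def registrable_domain(host):
    return ".".join(host.lower().split(".")[-2:])  # last two labels; enough for this illustration

def check_sender(from_header):
    """Warn when the From display name claims a brand but the address domain differs."""
    name, addr = parseaddr(from_header)
    expected = KNOWN_BRANDS.get(name.strip().lower())
    actual = registrable_domain(addr.rsplit("@", 1)[-1])
    return f"display name '{name}' but address domain is {actual}" if expected and actual != expected else None

class _Links(HTMLParser):  # collect (href, visible text) for every <a> element in the body
    def __init__(self):
        super().__init__(); self.links = []; self.href = None; self.text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a": self.href = dict(attrs).get("href"); self.text = []
    def handle_data(self, data):
        if self.href is not None: self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text))); self.href = None

def check_links(html):
    """Warn when link text names a domain other than the one the href actually leads to."""
    p = _Links(); p.feed(html); warnings = []
    for href, text in p.links:
        target = registrable_domain(urlparse(href).hostname or "")
        for host in re.findall(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}", text.lower()):
            if registrable_domain(host) != target:
                warnings.append(f"link text says {host} but it goes to {target}")
    return warnings

def scan(raw):  # run both checks on a raw email message and return the findings
    msg = message_from_string(raw)
    finding = check_sender(msg["From"] or "")
    return ([finding] if finding else []) + check_links(msg.get_payload())
```

Running `scan(SAMPLE)` reports both tells: the display name "Netflix" over a remailer.com address, and link text naming netflix.com while the href goes elsewhere.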

Be wary of any request for sensitive information

Banks and retailers will never ask you for your password or other personal information via email. If you get an email that seems weird, it probably is weird.


What you should do about a phishing attack

In general, nothing. Never reply to a phishing email, ever. Responding lets the sender know it has reached a real person, making you particularly vulnerable to additional attacks. If you get a phishing email, mark it as spam, which helps your email program know that it's not legitimate. Or send it to your trash folder.

If you are getting phishing emails at work using your corporate email, though, you should follow the procedures established by your company's IT department. Usually, IT will want you to forward these emails to a specific email address. This can help the company filter these messages more effectively and prevent other employees from falling victim to an attack.
