Phishing
One of the common threats—and one that is also easy to carry out—is
phishing. In a phishing attack, offenders send email messages to
unsuspecting users in an attempt to trick them into giving away personal
information such as login details or credit card information. The
attackers then use this information to conduct fraudulent activity. This type of
attack is often successful because the email messages appear to be from a
trustworthy source, such as a bank or other reputable organization.
phishing: The act of attempting to acquire information
such as usernames, passwords, credit card
information, and so forth, by pretending to be from
a genuine, trustworthy source such as a bank.
CAUTION
Legitimate banks and other companies will never send an email asking you to submit sensitive personal
information online. Never click on the links in such emails. As a good Internet citizen, you should report the
emails to the bank or other company to make it aware of the phishing attempts.
Phishing emails are getting more sophisticated and harder to recognize,
but here are some considerations that will help you identify them:
- Do you actually have an account with that bank or company? If
  not, then it's reasonable to assume the message is an attempt at
  phishing.
- Check the source of the email. Does the email address match the
  organization's standard email address? Check not only the address
  that appears as text in the message, but also the address that
  appears as a ScreenTip when you point the mouse at it.
- If you hover over the link to the company website with your
  mouse, it shows you the true URL. Is the address correct?
- Are there grammar and spelling mistakes? Does the message appear
  in the language you would expect? Even if the body text is in the
  expected language, are there buttons or other details with text in
  another language? These are all indications of a possible attempt at
  phishing.
- Check for the presence of the security padlock icon in the address
  bar. The presence of the security padlock icon is an indication that
  the message may be genuine—although it is not a guarantee.
Finally, remember that real companies and banks never ask for personal
information in this way.
CAUTION
In April 2014, security experts discovered a security bug that affected Internet users worldwide. Called
“Heartbleed,” the bug left around half a million of the world's secure servers—the ones indicated by the
aforementioned security padlock icon—vulnerable to attack, placing the servers' private keys and users'
session cookies and passwords at risk. Most sites quickly patched the problem, but sensitive data for many
users was vulnerable in the interim.