Phishing

Imagine that you get an email one morning. It appears
to be from your bank. The email warns that someone
broke into your account. It says that you need to sign
in to check some things. You click the link in the email.
It takes you to a site that looks very much like your
bank’s. You enter your username and password. You
submit the form. You’ve just been phished!

Phishing is a type of attack that happens over the
Internet. Users receive an email or text message that
seems like it came from a trusted source. These users
are being deceived. They are interacting with dangerous hackers. The attackers copy trusted companies.
They send users to web pages that look like the ones
we use every day. When users log in or provide sensitive information, the attackers steal this data.

Attackers want your data for many reasons. They may
use your data to commit identity fraud. This is when
they use your identity to buy something with your credit. Then they receive the goods and you receive the bill.
Or they may want your password to take over a computer network. They may want access to private emails.
They may want customer records. They gain access by
tricking people into giving them their login info.

Some phishing attacks are targeted. A targeted
phishing attack is called a spear phishing attack. These
attacks are dangerous because they are convincing.
The attacker may know the target’s name, address,
or job title. They may have gathered info from social
networks, like the names of friends or family. The
attackers may use this personal information to craft a
believable email. The target will be tricked into clicking a link. The link will send them to a phony website.
This site will look familiar, but it will be a spoofed site
built to steal data. Any data that the target submits
will go to the hacker.

Phishing attacks are dangerous, but you can spot them
if you pay attention. One thing to watch is your address
bar in your browser. Attackers use domains that look
like the ones that we trust, but they are not the same.
For example, in 2016 staffers from Hillary Clinton’s
campaign were spear phished. The attackers used the
domain accounts-google.com. That domain looks like
google.com, but it isn’t the same. When logging into
Google, you should always do it from google.com. Likewise, when logging into any account, make sure the
address matches what you expect. If you are unsure,
search for the site and log in from the root domain.
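
The address check described above can also be done by a program. The following is an added example, not part of the original text: the function name checkLink, the EXPECTED_DOMAIN setting and the sample links are made up for illustration. It reads the real host out of a link and says whether that host is the trusted domain or only looks like it.

```javascript
// Added example. EXPECTED_DOMAIN and the sample links are constructed.
const EXPECTED_DOMAIN = "google.com";

// Decide whether a link really points at the expected domain.
function checkLink(link, expected = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // throws when the text is not a full URL
  } catch {
    return { verdict: "invalid", host: null };
  }
  // hostname is lower-cased and leaves out any "user@" part and the port.
  const host = url.hostname.replace(/\.$/, "");
  // Text before "@" is a login name, not the site. It can be used to
  // put a trusted name at the front of a link to some other host.
  if (url.username || url.password) {
    return { verdict: "userinfo-trick", host };
  }
  // A real match is the domain itself or a name ending in ".<domain>".
  // The leading dot matters: "accounts-google.com" ends in "google.com"
  // but not in ".google.com".
  if (host === expected || host.endsWith("." + expected)) {
    return { verdict: "match", host };
  }
  // The trusted name appears somewhere, but the host is a different domain.
  const brand = expected.split(".")[0];
  if (host.includes(brand)) {
    return { verdict: "lookalike", host };
  }
  return { verdict: "unrelated", host };
}

// Constructed sample links, including the look-alike domain from the text.
const samples = [
  "https://accounts.google.com/signin",
  "https://accounts-google.com/signin",
  "https://google.com.login.example/",
  "https://google.com@accounts-google.com/",
  "https://bank.example/login",
];
for (const link of samples) {
  const { verdict, host } = checkLink(link);
  console.log(`${verdict.padEnd(15)} ${host}  <-  ${link}`);
}
```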

An even better way to secure your account against
phishing attacks is to use 2FA: two-factor authentication. 2FA means that your account is secured with
two keys. The first is your password. The second key is
a random code that changes every few minutes. This
code may be generated by a 2FA app, like Authy. Or it
can be sent to your cell phone on request. If you activate 2FA on your accounts, an attacker will not be able
to get in even with your password.

Phishing attacks are scary and common. The reason
why they are common is that they are effective. Many
people accept appearances without suspicion. Browsing the Internet safely requires a healthy amount of
suspicion. Not everything is what it appears. Nobody
is trying to give you free money. Don’t trust; verify.