Phishing – How did I get phished?

Most of us are fairly cautious when it comes to our online privacy, but there are times when we are caught off-guard.

Imagine one day you open your email account and find an email from your bank. Yes, you do get regular emails from them, but this one just seems a little out of place – especially since it threatens to close your account, if you don’t reply immediately.

This message and others like it are examples of ‘phishing’ – an attempt to acquire sensitive information such as your bank account number, credit card details, etc. Such emails may contain links to websites which are infected with malware. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.

There’s definitely a process involved here, right from planning the attack to deciding whom to target. The phishing process involves –

1. Planning – Phishers (yes, that’s what they’re called) decide which business they’d target and how to procure email addresses of people. They usually use the same mass-emailing technique that spammers use.

2. Setup – Once the victims have been decided upon, phishers create methods for delivering the message and collecting the information.

3. Attack!! – Most of you are already familiar with this – You get a (phony) message which appears to be from a reliable source.

4. Collection of data – The message contains a link that guides you to a website where you enter your data, making it available to the phisher.

5. Identity Theft & Fraud – The phishers use the information they’ve gathered to make illegal purchases or otherwise commit fraud. And most of these frauds are never recovered.

Most phishing messages give the victim a reason to believe that something is wrong and to take immediate action. Moreover, since these messages are automated, a lot of people trust them, believing them to be free of human error.

E-mail is the most common way to distribute phishing lures, but some scammers seek out victims through:

  • Instant messages

  • Cell phone text (SMS) messages

  • Chat rooms

  • Fake banner ads

  • Message boards and mailing lists

  • Fake job search sites and job offers

  • Fake browser toolbars

How can I spot a Phishing Email message?

Spelling and bad grammar

Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.

Beware of links in email

If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address.
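The hover check described above can also be automated over an HTML email body. The following is an added example, not part of the original article: it compares the address shown as link text with the address the link really points to, and flags all-numeric hosts. The sample body, the function names and the example-bank domains are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: documentation-range IP and made-up domains.
SAMPLE = (
    '<a href="http://192.0.2.10/login">www.example-bank.com</a> '
    '<a href="https://example-bank.com.verify.example/x">https://www.example-bank.com</a> '
    '<a href="https://www.example-bank.com/help">www.example-bank.com</a>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def host_of(url):
    """Lower-cased host without a leading 'www.'; accepts bare 'www.site.com' text."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_links(html):
    """Return (shown text, real host, reason) for links that fail the hover check."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real = host_of(href)
        # Only treat the link text as an address if it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        if real.replace(".", "").isdigit():
            findings.append((text, real, "numeric address"))
        elif shown and shown != real:
            findings.append((text, real, "text and target differ"))
    return findings
```

Links whose text is a phrase such as "Click here" show no address to compare, so only the numeric-host check applies to them.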

Threats

Have you ever received a threat that your account would be closed if you didn’t respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised.

Spoofing popular websites or companies

Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.

There are many small things you should keep your eyes open for to avoid phishing scams. If you suspect an email of being “phishy”, delete it immediately. You could also change your password and other log-in details for extra security.

Have you encountered Phishing emails? How have you dealt with them? Share your comments with us below 🙂
