Phishing

What is Phishing?

At a fundamental level, phishing is the attempt by hackers to utilize common digital communication platforms with the intention of deceiving users that the message originated from a credible source
If phishing attempts are successful, recipients will unknowingly click on links or images that send them to a spoofed source Often times this is manifested as login pages or subscription signup forms
Hackers usually want victims to give them personally identifiable information such as their online banking credentials, street address, full name, social security number, credit card number, etc.

Attackers in their messaging impersonate somebody from a trust company or organization

Subject Line
Email address/phone number that the communications are originating from
Check for spelling or grammar errors in the message text
Look for odd or malformed logos
Hover over links without actually clicking them
Look out for messages that convey a threatening or “act fast!” tone
Legitimate message will NEVER ask for credit card, bank, or social security numbers
Look out for messages asking for/giving payment, special refund, coupon, or prizes

Ask you email/text messaging service provider if they provide built-in spam/unknown message filters
Message filters scan the contents and will remove items from your inbox so you never have the chance to open a potential phishing messages
Most email providers (ex. Gmail, Yahoo, etc.) have built in options to enable filters for spam/phishing emails
Many modern phones (including the iPhone) can automatically warn you of potential malicious phone numbers if they call you
Browser extensions such as Clean Email, Barracuda, or Mimecast will actively scan your emails to detect common patterns of fake emails that you might not catch as quickly (this is not a 100% safe guard!)

click unknown links or call unknown phone numbers
end personal information, login credentials, or other sensitive information to any message you receive no matter the sender (even if legitimate)

Don’t be afraid and report it to the appropriate person/group in your organization. This will help them be aware of the situation and to let others know so they are do not fall victims also
If you believe that your bank or other financial institution records and account were apart of the attack, call them immediately and close/freeze all the accounts
You can also report the attack to the Federal Trade Commission (FTC) who are watchdogs who will try to track down the culprit of the attack

You can also contact the Anti-Phishing Working Group or the Internet Crime Complaint Center

According to a PhishMe study and Mimecast, 91% of cyber attacks begin with email phishing

97% of people around the world cannot identify a sophisticated phishing email [source]
65% of U.S. organizations experienced a successful phishing attack in 2019 [source]
In 2018, phishing crimes cost victims $48 million, according to the FBI’s Internet Crime Complaint Center [source]

Education Use For education use, we also made a Phishing Powerpoint to help you gain a better understanding the topic.