Let’s Talk About IT – Phishing – What you don’t know

Phishing – Always Click with Caution?

Let’s Talk About IT

Phishing. We’re not referring to hanging out on the shores of a beach with your fishing pole in the water, while waiting for a barracuda or a halibut (Can you tell I’m a Californian? Avid fishermen probably can!) to bite so that you can have a bite! Phishing is taking the world by storm and hackers around the world are always gaining new knowledge on new ways to phish for information, your information included. What do you need to know about phishing and how it can directly impact you individually or your business? Let’s talk about IT!

What is Phishing and how exactly does it work?

Although it may seem as though phishing is a new concept, it is actually the complete opposite. Hackers have been phishing ever since they realized that the internet is an open source for identifying easy targets to scam. As the world continues to lean more and more on computers to complete even the smallest tasks, the likelihood that consumers and businesses become victims of a cyber attack or phishing scam also increases. Phishing is a form of cyber attack that targets its victims by email. The hacker sends emails to intended targets under a name that resembles a company the potential victim knows or trusts. The email will look like it is from a familiar name or company, but it will almost always include malicious links intended to snag personal user information such as login credentials, banking institution details, credit card numbers, and personal addresses. The scary part is that this information can also be used for ransom and blackmail attacks.

Hackers attack anyone and everyone, but it is possible to avoid being a victim!

Hackers know that most interaction between a company and its clients and customers happens over email, especially when it is a formal conversation. So they imitate the companies they use as bait and replicate that user experience, creating emails in a similar format that look and feel authentic to the intended victim, only they are not.

Common “Phish-y” concepts

Hackers are sophisticated enough to pose as someone you may know when they are trying to breach your information. Some hackers may send an email that appears to be from your boss or the CEO of your employer requesting a password change, but the link is malicious, allowing your password to be revealed and potentially hacked within moments. This is called “spoofing.” There are a few other common ways that hackers can phish a user:

  1. Spear Phishing – a more personal attack, in which the attacker attempts to collect as much personal information as possible. This is done through various methods, especially by observing the victim closely. Using this information, the attacker may pretend to be someone the target knows or can trust, and may take this opportunity to perform malicious acts. This poses a high risk of all personal data being leaked and of the victim being blackmailed.
  2. Spoofing – for hackers, this is the easiest method of manipulation. The targets are usually people in workplaces, as the attackers take the chance to pretend to be someone from work. After gaining ample trust, they launch the attack. Spoofing is not done specifically through emails, but rather by posing as a coworker and asking the target to download some file or open a link that is apparently ‘work-related’. The threat here is on a larger scale, as it is not limited to a single person; the company that he/she works at may also be compromised.
  3. Pharming – phishing and pharming go side by side: they have the same motive but are achieved through different methods. While phishing is done through email, pharming is done by altering the site’s DNS server. Here, the attacker may alter the DNS server of a site that the victim often uses, so that the next time he/she clicks on it, they will be redirected to another site that will steal their credentials or install harmful content on their systems. Either way, this can corrupt system files or subject the victim to blackmail.

Phishing has no prejudice!

Normal people like you and me are not the only ones who can become victims of a phishing scam. Hackers focus on anyone and everyone to get what they want, including major corporations. Major corporations can be damaged if breached, losing credibility and clients along the way. Check out these breaches from a couple of corporations you might know:

Sony Pictures – Back in 2014, Sony employees received a bunch of spear-phishing emails. The intent was to break into their company’s private data. Thus, the attackers observed their targets and collected information on their colleagues and families through social platforms like LinkedIn & Facebook. Using this, they pretended that the emails were from a friend or a known source. The impact was disastrous, resulting in the loss and theft of around 100 TB of company data, financial tracking, and customer details. In total, it cost Sony damage worth $100 million!

Danger comes in many forms, phishing is one of them!

Google and Facebook – Between the years 2013 and 2015, a group of hackers posed as a computer parts vendor that had a business relationship with both companies. The group sent out phishing e-mails intended to scam the major corporations, and unfortunately they fell for it. The corporations were sent fraudulent invoices that appeared to be legitimately from their known vendor named Quanta; however, they were not. Both corporations lost about a combined $100 million!

Stay aware and far far away from being a victim

The more we rely on computers for storing personal details and assets, the more open we are to falling prey to hackers. However, with growing awareness, we now know various methods that we can implement to stay safe. Below are ways we can protect ourselves from different types of scams:

  • Phishing – avoid clicking on links in random emails. Only open an email when you are fully certain it is from a trustworthy source.
  • Spoofing – make sure not to download files or software that you have no prior knowledge of. Especially at the workplace, where one wrong move may bring a big blow to the entire firm.
  • Pharming – as hard as it may seem to detect a corrupted DNS server, there still are ways to prevent falling victim. The trick is to cautiously observe the site and notice any changes to it that may indicate the alteration.
  • Spear phishing – to maintain maximum security, it is vital to be aware of who we trust. Especially in friendships that are only a few days old, the sensible decision is to not disclose personal information right away.

Remember, with every step we take, it is crucial to stay careful and not click on links without examining them first! Even the smallest change can be a sign of something malicious waiting for you! Lastly, avoid downloading anything to your PC that you were not expecting (your family, friends, and employer will usually give you a heads up about something they are sending over), as your PC may be at risk.
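One way to automate the link examination described above, shown as an added example that is not part of the original post: it compares what each link in an HTML email displays with where it really goes. The trusted-domain list, the warning wording, and the sample email are constructed for illustration.

```python
# Added example: flag links in an HTML email whose visible text and real
# destination disagree. TRUSTED and SAMPLE are constructed for illustration.
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"example.com"}  # assumption: domains the reader really deals with
class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def examine(href, text):  # returns the warning signs found for one link
    host, flags = host_of(href), []
    try:
        ipaddress.ip_address(host)
        flags.append("raw IP address instead of a name")
    except ValueError:
        pass
    if "xn--" in host:
        flags.append("punycode (possible look-alike characters)")
    shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
    if shown and host_of(shown.group(1)) != host:
        flags.append(f"text shows {shown.group(1)} but link goes to {host}")
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED)
    if not trusted and any(d in host for d in TRUSTED):
        flags.append("trusted name embedded in an untrusted host")
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: examine(href, text) for href, text in parser.links}
SAMPLE = ('<a href="http://example.com.login-check.test/reset">https://example.com/reset</a>'
          '<a href="https://www.example.com/help">Help centre</a>'
          '<a href="http://192.0.2.10/invoice">View invoice</a>')
```

Calling `scan(SAMPLE)` returns an empty list for the genuine help link and one or more warnings for each of the other two.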

Happy surfing (the web that is) and remember, there is no phishing victim if you can’t become a victim! Stay aware and stay safe!

Syntech Group is an Inland Empire technology solutions provider focused on Outsourced IT Support, IT Security, Consulting, Disaster Recovery, Cloud Service, Managed IT Services, Backup Solutions, B2B IT product sales and professional services.