Phishing 101: What’s a ‘Phish’ Anyway?

January 6, 2014 –

One step ahead.

It seems that criminals and online attackers are constantly finding new and ever more clever methods for stealing information, always staying one step ahead of the law. What can you do to protect yourself in this war against cybercrime? To start, you must increase your awareness of the threats that face you on a daily basis.

So What is a Phishing Email, Anyway?

A simple definition of phishing is: the use of fraudulent emails to gain access to personal or financial data, as well as to obtain log-in credentials. In the early days of email, you may remember receiving pleading messages claiming to be from a desperate Nigerian prince, usually requesting that you become involved in the transfer of millions of dollars (they were so common that this type of scam has been unofficially labeled the “Nigerian Letter Scam”). Most email users identified these scams and avoided them, so you may be wondering: “Why is spam still so prevalent?” The answer may surprise you.

Why Do We Still Have Spam?

During the late ’90s and early ’00s, computer security was just starting to become a standard practice for many PC users. Anti-virus software was not the standard it is today, and most computers had gaping vulnerabilities in their systems. This presented hackers with a number of methods for attack, such as viruses, trojans and worms. Steadily, computer security technology (and adoption) adapted to these attack vectors and decreased the number of opportunities for cyber criminals to gain access.

How did the hackers respond? By turning to the greatest vulnerability of all: the human! You can have the latest security technology available and dismantle it all with a single misguided click. Phishing attacks rely on our natural responses to fear (Oh no! Your bank account is frozen!), excitement (You won our annual raffle!) and curiosity (You can make $5,000 in just 5 minutes!) to lure us into a trap. Simply put, security technology has become so strong that hackers have been forced to utilize spam attacks! Oh, the irony!

Today, email scams have become so sophisticated that even experienced security professionals have fallen victim to them. We will address these e-threats in three separate posts:

  1. Basic Schemes: A refresher on the Nigerian Letter Scam.
  2. Advanced Schemes: These emails often mimic trusted brands, such as PayPal or UPS, and are considerably more difficult to identify.
  3. Targeted Schemes: Emails intended specifically for you, which may use information from your social networks to reel you into their trap.

Examples will be provided to help you identify key red flags and warning signs so that you can avoid these attacks in the future. In addition, a simple checklist will be provided that you can reference when you are unsure of the validity of an email.

Basic Schemes

Below you will see an example of a typical Nigerian Letter Scam (also known as a “419 Fraud”). The email is offering a ‘too-good-to-be-true’ opportunity in which you will be compensated up to $4,000 a week for acting as a middle man. If only making money were this easy! When in doubt, it’s always best to play it safe. Don’t hesitate, delete it!

For more information, please contact William Prohn at wprohn@dopkins.com.

About the Author

William Prohn CISSP, CISA, CGEIT, CRISC

Bill oversees all aspects of information technology for the firm, and provides consulting services to a wide spectrum of Dopkins’ clients. He has over 30 years of experience in accounting and business information systems. His specific interests include creating meaningful, practical management information using computer technologies, and the security of business information and systems.
