Phishing 101: What’s a ‘Phish’ Anyway?
January 6, 2014 | Authored by William Prohn CISSP, CISA, CGEIT, CRISC
It seems that criminals and online attackers are constantly finding new and ever more clever methods for stealing information, always staying one step ahead of the law. What can you do to protect yourself in this war against cybercrime? To start, you must increase your awareness of the threats that face you on a daily basis.
So What is a Phishing Email, Anyway?
A simple definition of phishing is: the use of fraudulent emails to trick the recipient into handing over personal or financial data, or log-in credentials. In the earlier days of email, you may remember receiving pleading messages claiming to be from a desperate Nigerian prince, usually requesting that you become involved in the transfer of millions of dollars (they were so common that this type of scam has been unofficially labeled the “Nigerian Letter Scam”). Most email users learned to identify these scams and avoid them, so you may be wondering: “Why is spam still so prevalent?” The answer may surprise you.
Why Do We Still Have Spam?
During the late ’90s and early ’00s, computer security was just starting to become a standard practice for many PC users. Anti-virus software was not the standard it is today, and most computers had gaping vulnerabilities in their systems. This presented hackers with a number of methods for attack, such as viruses, trojans and worms. Steadily, computer security technology (and adoption) adapted to these attack vectors and decreased the number of opportunities for cyber criminals to gain access.
How did the hackers respond? By turning to the greatest vulnerability of all: the human! You can have the latest security technology available and dismantle it all with a single misguided click. Phishing attacks rely on our natural responses to fear (Oh no! Your bank account is frozen!), excitement (You won our annual raffle!) and curiosity (You can make $5,000 in just 5 minutes!) to lure us into a trap. Simply put, as the technical defenses hardened, attackers shifted their effort to the person at the keyboard, and a spam email became the cheapest way to reach that person. Oh, the irony!
Today, email scams have become so sophisticated that even experienced security professionals have fallen victim to them. We will address these e-threats in three separate posts:
- Basic Schemes: A refresher on the Nigerian Letter Scam.
- Advanced Schemes: These emails mimic trusted brands, such as PayPal or UPS, and are considerably more difficult to identify.
- Targeted Schemes: Emails crafted specifically for you, which may use information from your social networks to reel you into the trap.
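The brand-mimicking "advanced scheme" above can be checked for mechanically. The following script is an added example, not code from the original post or its author: it parses a raw email with Python's standard `email` library and flags the three tells the post describes, a display name that claims a brand (PayPal, UPS) while the real sender domain belongs to someone else, fear or excitement lure phrases in the subject or body, and a link whose visible text shows one site while its `href` points to another. The two sample messages, every address and domain in them, and the list of expected sender domains are constructed for this example.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a brand-impersonation lure. All addresses and URLs are invented.
SAMPLE_PHISH = """\
From: "PayPal Service" <security-alert@paypal-verify.example>
To: victim@example.org
Subject: Your account has been limited - act now
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your bank account is frozen! Log in within 24 hours to restore access.</p>
<p><a href="http://login.paypal-verify.example/auth">https://www.paypal.com/signin</a></p>
</body></html>
"""

# Constructed benign message for comparison.
SAMPLE_LEGIT = """\
From: "Example Corp Newsletter" <news@example.com>
To: victim@example.org
Subject: March product update
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Here is what changed this month.</p>
<p><a href="https://www.example.com/blog">https://www.example.com/blog</a></p>
</body></html>
"""

# Brands the post names as commonly impersonated, mapped to the domains we
# expect genuine mail from them to use. These mappings are an assumption.
EXPECTED_SENDER_DOMAINS = {
    "paypal": {"paypal.com"},
    "ups": {"ups.com"},
}

# Fear / excitement / urgency lures, matched case-insensitively.
URGENCY_PHRASES = ("act now", "frozen", "within 24 hours", "you won", "limited")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in one raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Display name claims a known brand, but the actual sender domain is not that brand's.
    from_header = msg["From"]
    for addr in (from_header.addresses if from_header else ()):
        name = addr.display_name.lower()
        for brand, domains in EXPECTED_SENDER_DOMAINS.items():
            if brand in name and addr.domain.lower() not in domains:
                findings.append(f"display name claims {brand} but sender domain is {addr.domain}")

    # 2. Lure phrases in the subject or the tag-stripped body text.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    haystack = (str(msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in haystack:
            findings.append(f"lure phrase: {phrase!r}")

    # 3. Visible link text is a URL whose host differs from the host it really points to.
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if text.startswith(("http://", "https://")):
            shown = urlparse(text).hostname
            actual = urlparse(href).hostname
            if shown and actual and shown != actual:
                findings.append(f"link shows {shown} but points to {actual}")

    return findings


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_indicators(sample))
```

Run against the two samples, the constructed phish produces six findings (the PayPal/paypal-verify.example mismatch, four lure phrases, and the paypal.com/paypal-verify.example link mismatch) and the benign newsletter produces none. Keyword lists like `URGENCY_PHRASES` are the weakest of the three checks and will both miss and over-trigger in real mail; the sender-domain and link-target mismatches are the indicators a practitioner should weight most heavily.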
Basic Schemes
About the Author
William Prohn CISSP, CISA, CGEIT, CRISC
Bill oversees all aspects of information technology for the firm, and provides consulting services to a wide spectrum of Dopkins’ clients. He has over 30 years of experience in accounting and business information systems. His specific interests include creating meaningful, practical management information using computer technologies, and the security of business information and systems.