Give me all your money: Go Phish

Phishing (pronounced as “fishing”) is a type of attack that cybercriminals carry out to get your valuable personal and financial information. Phishing is different from malware or virus attacks that primarily use technology to get this kind of valuable information. Phishing instead tries to fool you into handing over this information. Because phishing relies more on targeting people than technology, it’s sometimes referred to as a type of “social engineering” attack. Since phishing generally doesn’t try to install malware like Trojan horses or keyloggers, regular antivirus and anti-malware may not help protect against it. But more advanced security suites do include “phishing filters” and web reputation services that can help protect you from phishing attempts. Phishing is often sent out to thousands or millions of people as part of a spam attack, very often sent from zombie computers that are part of large botnets.

  • Some of the most common phishing target sites include PayPal, eBay, Battle.net, AOL, and Runescape.
  • Phishing is not limited to email. SMS phishing (or “smishing”) is a tactic where cybercriminals send text messages containing URL links. Users who click on a link are led to a phishing site.
  • Often phishing webpages remain online for less than an hour in order to avoid detection.

Phishing is called phishing because a hacker puts “bait” in front of you hoping that you’ll “bite” so they can “hook” you. People in security spell it with a “ph” to distinguish it from real-world fishing and because there’s a tradition of using “ph” rather than “f” when describing hacker activity. In phishing, the bait is something that is meant to convince you to give up important information. The most common way cybercriminals try to bait you is to send you an email that looks real and typically tries to scare you. For instance, you might get an email that looks like it comes from your bank saying that there’s a problem with your account and you need to go to their site and confirm your information with them. When you click on the links in the fake email, it will take you to the criminal’s site, not your bank’s site. And when you enter your information and send it to them, you’ve taken the bait and they’ve hooked you. Now, the information you entered is in the hands of the bad guys and they can sell it or use it however they want.

Phishing is a huge problem and even sophisticated users can fall victim; it can be hard to tell if an email is really from who it says it’s from. This is why security software is so important; it can identify known phishing emails for you and also recognize dangerous websites that aren’t who they say they are.

But because phishing focuses on people rather than technology, you have to be part of the solution too. In addition to running up-to-date anti-phishing and web reputation security software, you should be wary. Don’t assume that an email is from who it says it’s from when it tells you that you have to go enter information on a website. Don’t click on links in emails; go to your bank or other site directly. And if you’re still not sure, ask their customer service team for help. Phishing is ultimately a problem for banks, so they won’t mind helping you verify if there’s a real problem or not.

Think you’re a phishing or smishing target?

Trend Micro recommends the following product to help you regain control of your system:

FOR HOME & HOME OFFICE

TREND MICRO TITANIUM MAXIMUM SECURITY

Advanced multiple device protection and privacy for your digital life

  • Protects against viruses
  • Blocks dangerous websites
  • Guards against identity theft
  • Provides safe search results
  • Safeguards children online
  • Manages your online privacy
  • Safeguards sensitive files
  • Optimizes performance with System Tuner
  • Includes 5 GB of cloud storage
  • Includes Android mobile device security

FOR SMALL & MEDIUM BUSINESS

WORRY-FREE BUSINESS SECURITY ADVANCED EDITION

All-in-one solution for growing companies with limited IT resources; protects mail servers, file servers, PCs and Macs.

  • Web threat protection
  • Antivirus, antispyware, and antispam
  • URL filtering
  • Data loss prevention via USB
  • Data loss prevention via email
  • Hosted Email Security-Inbound filtering
  • Protection for Android devices
  • Protection for both PCs and Macs
  • Protection for Microsoft Exchange Server