What Is Phishing and How Does It Work?
The term “phishing” is new to a lot of people, even though it has been around for at least 10 years. It is one of the simplest things I can explain to my clients.
The bad guys imitate well-known brands through emails and websites. The goal is to steal your login information, or to trick you into handing it over yourself. In the non-tech world, luring someone into giving something up would be called fishing; phishing is the cybersecurity term for the same idea.
This Is How It Works
Most of the time, you’ll get an email that looks like it came from a well-known vendor or business. Microsoft is often at the top of the list for phishing attacks where the bad guys try to get you to click a link for “free software.” Google is often near the top for supposedly giving away free Chromebooks and similar prizes.
When the user clicks the link in the email, it isn’t obvious what has happened. Most of the time they either see an error, or nothing appears to happen. What has actually happened is that by clicking you have accepted the criminal’s payload and installed malware on your computer.
In other cases, you are sent to a fake website that looks like the real one. When you try to log in, you get an error message because the site isn’t real. What you have actually done is hand the bad guys your login information.
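The fake-website case above rests on one detail: the link in the email does not go where its text says it goes. The following script is an added example for this article (it is not the author’s code and not a product of any vendor named here). It uses only the Python standard library to pull every link out of an HTML email body and flag the usual warning signs: visible text that names one site while the real destination is another, a trusted brand name buried inside a hostname the brand does not own, and a plain-http login link. The brand allow-list and the sample email body are constructed for the example; the domains in it are not real sites.

```python
"""Added example (not from the article): flag suspicious links in an HTML email.

Uses only the Python standard library. The sample email body below is
constructed for this example; the domains in it are not real phishing sites.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list: the real domains the impersonated brands use.
# In practice this would come from your own configuration.
KNOWN_BRAND_DOMAINS = {"paypal.com", "microsoft.com", "dhl.com"}


def registrable_domain(host):
    """Return the last two labels of a hostname ('login.paypal.com' -> 'paypal.com').
    Simplified: does not handle multi-label public suffixes such as 'co.uk'."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like_url(text):
    """True if the visible link text itself looks like a URL or hostname."""
    return "." in text and not any(ch.isspace() for ch in text)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href="..."> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href, text):
    """Return a list of reasons a link looks suspicious (empty list = nothing found)."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    actual = registrable_domain(host)

    # 1. The visible text shows one site but the href points at another.
    if looks_like_url(text):
        text_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if text_host and registrable_domain(text_host) != actual:
            reasons.append("display text %r does not match real destination %r" % (text, host))

    # 2. A trusted brand name appears inside a hostname the brand does not own
    #    (e.g. paypal.com.account-verify.example).
    for brand in KNOWN_BRAND_DOMAINS:
        brand_name = brand.split(".")[0]
        if brand_name in host and actual != brand:
            reasons.append("hostname %r contains %r but is not %s" % (host, brand_name, brand))

    # 3. Plain http where a login page would be expected to use https.
    if parsed.scheme == "http":
        reasons.append("link uses plain http")

    return reasons


def scan_email_html(html):
    """Return {href: [reasons]} for every link that raised at least one reason."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for href, text in collector.links:
        reasons = classify_link(href, text)
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample: a fake "account suspended" notice of the kind the article describes.
SAMPLE_EMAIL = """
<p>Your account has been suspended. Log in to restore access:</p>
<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a>
<p>Questions? Visit <a href="https://www.paypal.com/help">our help center</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in scan_email_html(SAMPLE_EMAIL).items():
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run it and only the first link is reported, with all three reasons; the genuine help-center link passes. The same check is what a mail gateway or a browser’s hover preview is doing for you, which is why the advice later in this article to type the company’s address yourself rather than clicking works: it removes the mismatch between what you see and where you go.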
Checkpoint, a Security Firm
Checkpoint has released its top 10 brands used in phishing attacks, and Microsoft is no longer at the top of the list. For now, at least.
For Q4 2021, here are their top ten:
- Apple (2%)
- Microsoft (20%)
- DHL (impersonated in 23% of all phishing attacks, globally)
- WhatsApp (11%)
- FedEx (3%)
- LinkedIn (8%)
- Google (10%)
- Amazon (4%)
- Paypal (2%)
- Roblox (3%)
There Are Many Different Scams
Every day, new scams come out; I could write a whole book about them.
The DHL scam works much like the one described above. You get an email saying they are “trying to deliver a package but having problems,” with a link to click; they hope you’ll click it and hand over your login information.
In the past, it has been hard to tell whether the Paypal emails were fake or real. They may say that your account has been suspended, and the message is often very close to an actual Paypal email. Of course, if the link is fake and you click it and enter your login information, the criminals will be able to get into your bank account.
Is There Anything You Can Do?
The first thing to do is ask your IT provider about their options. Providers often set up programs that send fake phishing emails to your employees to see who clicks; those who do can be enrolled in online training lessons.
It’s not practical to tell people never to click on anything. As I said before, even I have to stop and look carefully at a message to make sure it’s real.
Conclusion: The Two Best Things I Can Tell You
- Do not click the link, even if the email seems accurate. Even if it looks real, go to the company’s website on your own instead. This way, you avoid the phishing attack entirely.
- Call the company and tell them about the email. They’ll let you know whether it’s real; if not, they’ll either say they’re already working on the problem or thank you for letting them know.