What is Phishing?

Here’s an analogy to help explain it: Imagine a fisherman baiting a hook and tossing it into a lake in hopes of getting a bite. If a fish bites, the fisherman reels it in. But if it doesn’t, the fisherman fails and the fish keeps swimming. Phishing works the same way. A cybercriminal can only gain access to your accounts or information if you fall for the bait. For example, a hacker might design an email disguised as a message from your bank, telling you your account has been compromised. They ask you to click on a link to verify your identity. If you click on the link and fill out the information, you have now provided them with the information to access your finances.
Types of Phishing

Hackers attempt to get victims to do one of two things to get what they want. Some cybercriminals try to trick you into giving up your information. This is similar to the bank example above. Other hackers prefer to have you download malware. These emails usually include an attachment to download, often a .zip file or Microsoft document, embedded with malicious code.
How to Prevent Phishing Attacks

If you know how to spot a phishing attempt, you can avoid compromising your data and report it to the Federal Trade Commission. Here are the steps you can follow to confirm the identity of an email sender:
- Always check the spelling of URLs in email links before you click
- Watch out for URL redirects, where hackers send you to a different website with an identical design
- If you receive a suspicious email from a source you know, contact them with a new email, rather than replying