A phishing attack is a trick e-mail sent randomly to perhaps a million recipients, and the thief counts on the numbers game: out of any large group of people, a significant percentage will fall for the trick.
The e-mail contains certain information, or is worded in such a way, that the recipient is induced to click on the link in the message. Clicking on the link takes the user to a website that then downloads malware.
Or the website is made to look like it’s from the user’s bank or some other major account, and it asks for their account number and other pertinent information such as usernames and passwords; the user types it in, and it goes straight to the thief. Sometimes this information is requested directly in the e-mail’s message, and the user sends it in a direct reply.
The Google Online Security Blog did some analysis of phishing e-mails and came up with the following:
Malicious websites really do work, 45 percent of the time. As for getting users to actually type in their personal information, this happened 14 percent of the time. Even very fake-looking sites fooled three percent of users. Three percent sounds like peanuts, but what’s three percent of one million?
Hasty hackers. Once the hacker gets the login information, he’s into the victim’s account within 30 minutes, 20 percent of the time. He may then spend a lot of time roaming around in the account, which often includes changing the password to keep the victim out.
Those strange e-mails. Ever get an e-mail in which the sender is a very familiar person, but the message was also cc’d to a hundred other people? And the body says only, “Hi there!” followed by a link? This is likely an e-mail sent from the victim’s e-mail account (which the hacker has gotten into), and the thief copied everyone in the victim’s address book. Recipients of these phishing attacks are 36 percent more likely to fall for the ruse than if the attack comes as a single message from an unfamiliar sender.
Fast adaptation. Phishing specialists are good at quickly changing their strategies to keep up with changes in security.
The Google Online Security Blog recommends:
- Not all “spam blockers” block 100 percent of phishing e-mails; some will always slip through to your inbox. Never send personal information back to the sender of an e-mail requesting personal information. Never visit the site through the link in the e-mail.
- Use two-step verification whenever an account setup offers it. This will make it difficult for the hacker to get into your account.
- Make sure your accounts have a backup e-mail address and phone number.
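The two patterns described above, the hijacked-account blast (a familiar sender, a hundred people cc’d, a body that is just a greeting and a link) and the message that asks you to reply with your username, password or account number, can be turned into simple triage rules. The script below is an added example, not code from the original post or from Google’s analysis; it uses only the Python standard library, and the sample messages, the indicator names and the thresholds (50 recipients, 80 characters of body text) are constructed for illustration.

```python
"""Score e-mail messages for the phishing indicators discussed above.

Added example (not from the original post). Sample messages, indicator
names and thresholds are constructed for illustration only.
"""
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed samples: a benign note, a hijacked-account blast sent to the
# whole address book, and a "reply with your credentials" lure.
SAMPLES = {
    "benign": (
        "From: alice@example.org\n"
        "To: bob@example.org\n"
        "Subject: Lunch\n"
        "\n"
        "Are we still on for noon on Thursday? I booked the usual place.\n"
    ),
    "hijacked_blast": (
        "From: alice@example.org\n"
        "To: bob@example.org\n"
        "Cc: " + ", ".join(f"user{i}@example.org" for i in range(120)) + "\n"
        "Subject: hi\n"
        "\n"
        "Hi there!\n"
        "http://example.invalid/doc\n"
    ),
    "credential_lure": (
        "From: alerts@example.invalid\n"
        "To: bob@example.org\n"
        "Subject: Account verification required\n"
        "\n"
        "We detected unusual activity. Reply with your username, password and\n"
        "account number to restore access.\n"
    ),
}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Words the post singles out as what a phisher asks for directly in the message.
CREDENTIAL_RE = re.compile(r"\b(password|username|account number)\b", re.IGNORECASE)


def recipient_count(msg):
    """Number of distinct addresses across the To and Cc headers."""
    raw = msg.get_all("To", []) + msg.get_all("Cc", [])
    return len({addr.lower() for _, addr in getaddresses(raw) if addr})


def body_text(msg):
    """Plain-text body; sufficient for the single-part constructed samples."""
    if msg.is_multipart():
        parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
        return "\n".join(
            p.get_payload(decode=True).decode(errors="replace") for p in parts
        )
    return msg.get_payload()


def phishing_indicators(raw_message, mass_cc_threshold=50, short_body_chars=80):
    """Return the names of the indicators that fire for one RFC 822 message.

    mass_cc:            many recipients, as in a blast from a hijacked account
    bare_link:          a link with almost no text around it ("Hi there!")
    credential_request: the body asks for a username, password or account number
    """
    msg = message_from_string(raw_message)
    body = body_text(msg)
    urls = URL_RE.findall(body)
    text_without_urls = URL_RE.sub("", body).strip()

    hits = []
    if recipient_count(msg) >= mass_cc_threshold:
        hits.append("mass_cc")
    if urls and len(text_without_urls) < short_body_chars:
        hits.append("bare_link")
    if CREDENTIAL_RE.search(body):
        hits.append("credential_request")
    return hits


def triage(samples=SAMPLES):
    """Run the indicator checks over every sample and map name -> hits."""
    return {name: phishing_indicators(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hits in triage().items():
        print(f"{name}: {', '.join(hits) if hits else 'no indicators'}")
```

Run stand-alone, the benign note fires nothing, the hijacked-account blast fires `mass_cc` and `bare_link`, and the lure fires `credential_request`. The rules deliberately mirror the post’s advice rather than replace a spam filter: a message that trips `bare_link` or `credential_request` is exactly the one whose link you should not follow and whose request you should not answer by reply.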
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.