What is Phishing?
phish·ing
/ˈfiSHiNG/
noun
the fraudulent practice of sending emails or text messages, or making telephone calls, purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
How to Recognize Phishing
Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security number. If they get that information, they could gain access to your email, bank, or other accounts. Every day, scammers attempt thousands of phishing attacks like this, and they're often successful. In one year, consumers lost $62 million to phishing operations, according to the FBI's Internet Crime Complaint Center.
Scammers often change their tactics, but there are several signs that will help you recognize a phishing email or text message.
Phishing
Phishing emails and text messages look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store. Sometimes phishing emails even look like they are from a co-worker or friend!
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. For example, they might:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
Spear Phishing
While general Phishing emails or text messages are sent to a large number of people at once, with Spear Phishing, scammers target specific individuals through emails. Scammers conduct extensive research on the targeted individual and know many details like full name, job title, place of employment, cell phone number, email address, and banking information.
After collecting details, scammers trick individuals by sending an email using some of the specifics so it appears routine and authentic. For example, scammers might send an email appearing to be from your bank regarding a problem with an account transfer or withdrawal. The targeted emails are designed carefully so it’s difficult to doubt them.
Smishing
Smishing, or SMS Phishing, is where scammers attempt to fool individuals by sending fake offers through SMS text messages. The links shared through Smishing are generally malicious and redirect you to download fake apps that contain malware.
The scammers trick users with catchy text messages, for example: "Get 50% Off on your next purchase at Amazon. Click here to view the offer." or "Get Spotify Premium for Free. Click this link to download now!"
Vishing
Vishing is Phishing conducted through telephone calls. The scammer calls you pretending to be an official from a bank or other reputable company, under the pretext of alerting you to suspicious activity.
Most banking frauds are conducted through Vishing, in which the scammer pretends to be a banking official, calls you with a fraudulent alert and tricks you into providing your sensitive banking details.
Domain Spoofing
Domain spoofing is when scammers fake a website name or email domain to try to fool you. The goal of domain spoofing is to trick you into interacting with a malicious email or a phishing website as if it were legitimate. Domain spoofing is like a con artist who shows someone fake credentials to gain their trust before taking advantage of them.
In addition to spoofing the URL, the scammer may copy the content and style of a website, complete with images and text.
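One way a mail filter or help-desk script could check for the domain spoofing described above, as an added example that is not part of the original page. It assumes a spoofed name is either a near-misspelling of a trusted domain or uses the trusted name as a subdomain of another site; the trusted list, function names and sample domains are all constructed for illustration.

```python
# Added example: flag sender or link domains that imitate a trusted domain.
# TRUSTED and every sample domain below are constructed placeholders.
TRUSTED = ("mybank.example", "shop.example")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a character
                           cur[j - 1] + 1,             # add a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]

def domain_of(address_or_host: str) -> str:
    """Keep the part after '@' (if any), lowercased, without a trailing dot."""
    return address_or_host.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def classify(address_or_host: str, max_distance: int = 2) -> str:
    domain = domain_of(address_or_host)
    # Exact match or a genuine subdomain of a trusted domain.
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        # Trusted name appears, but only as labels in front of another domain.
        if f".{good}." in f".{domain}":
            return f"spoof: {good} used as a subdomain"
        # One or two characters away from a trusted domain.
        if edit_distance(domain, good) <= max_distance:
            return f"spoof: looks like {good}"
    return "unknown"

if __name__ == "__main__":
    samples = [
        "alerts@mybank.example",
        "alerts@mybamk.example",
        "mybank.example.account-verify.test",
        "newsletter@unrelated.test",
    ]
    for s in samples:
        print(f"{s:40} {classify(s)}")
```

A result of "unknown" only means the domain does not resemble anything on the trusted list; it is not a statement that the sender is safe.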