What is phishing ? Definition from Digimagg

Phishing is a cybercrime tactic where deceptive emails or websites aim to steal sensitive information like passwords or financial details.

Mar 22, 2024 - 11:39
Mar 23, 2024 - 14:49
What is phishing ?

Phishing is a fraudulent scheme employed by cybercriminals to deceive individuals into revealing sensitive personal information like Social Security numbers, passwords, and birth dates, or to manipulate them into sending money to scammers.

Typically, phishing attacks manifest through deceptive emails and text messages. However, phishing can encompass various forms of social engineering aimed at coaxing victims into sharing information or sending money to fraudsters.

Similar to fishing, phishing attacks employ diverse bait, such as personal details (e.g., familial connections, educational background, affiliations), or enticing subject lines (e.g., prize winnings, pending tax refunds), to lure victims into clicking links, making calls, or transferring funds.

Social media platforms provide fertile ground for criminals to gather personal data or impersonate acquaintances, complicating the detection of these schemes.

To dupe recipients, attackers rely on email spoofing and lookalike domains: counterfeit messages that copy an organization's logos, layout and writing style, sent from a forged sender address or from one that is deceptively close to the real one. A common tactic is to register a domain that differs from the legitimate one by a single character (a digit 1 in place of the letter l, or two letters swapped), so the address passes a quick glance. Reading the full sender address rather than the display name, and hovering over a link to see its real destination before clicking, defeats most of these tricks.

Exploiting human emotions: Common phishing tactics

Phishing emails play on basic emotions: fear of an emergency, the prospect of a windfall, worry about an overdue payment, or trust in a message that appears to come from an acquaintance. They almost always carry an urgent call to action, pushing the recipient to react before considering the consequences or checking whether the message is genuine.

According to the Federal Trade Commission (FTC), common phishing narratives include claims of overdue payments, requests for verification to receive tax refunds, reports of suspicious account activity or login attempts, and offers of coupons, discounts, or free items. Any unexpected email offering lucrative job opportunities, affordable rent, tax refunds, or other financial incentives should be treated with caution. To validate the authenticity of such emails, contact the purported source directly. If the email claims to be from entities like the IRS, your bank, or a potential employer, make sure to verify the contact details independently and refrain from calling any numbers provided in the email.

Phishing attacks often exploit current events, as seen with the rise of scams related to rental assistance and IRS refunds during the Covid era. By addressing genuine concerns and offering solutions, scammers may deceive individuals into believing their authenticity.

What motivates scammers to distribute counterfeit emails and texts?

The objective behind phishing or disseminating counterfeit emails and texts typically involves persuading recipients to click on a link or download a file. These links or downloads often serve one of two purposes:

  • Directing users to a website that solicits personal information, such as passwords or credit card numbers.
  • Installing malware—viruses, spyware, or ransomware—onto the recipient's computer.

Malware can run on a computer unnoticed, which is exactly what makes it dangerous: a keystroke logger captures every password you type, and an attacker who gains access to your accounts can do lasting damage. If you do click a suspicious link, run a malware scan or have the device inspected by a professional.

What should you do after clicking on a phishing link?

What steps should you take if you've fallen for a phishing link (don't worry, it can happen to anyone)? 

  • Disconnect from the internet to prevent malware spread. You can quickly do this by enabling airplane mode or disabling Wi-Fi in your device settings.
  • Back up your data, copying essential files such as documents and pictures (data files, not programs) to a USB drive. If the device later turns out to be infected, scan the backup before restoring anything from it.
  • Run a malware scanner to detect any viruses or suspicious files on your computer. If uncertain, consider seeking professional assistance to ensure your device is clean.
  • Change your passwords, starting with any account whose credentials you typed into the suspicious page and every other site that shares that password. Do this from a device you know is clean, since a keylogger on the compromised machine would capture the new passwords too.
  • Implement two-factor authentication on critical platforms such as banking, social media, and work-related sites for an added layer of security.
  • Notify potentially affected individuals, such as those who may have received forwarded phishing emails, and advise them to delete the messages. If the scammer impersonated someone you know, inform the person being impersonated to alert their contacts.
  • Report phishing emails to your email provider (Gmail and most other services have a built-in option to report a message as phishing) or forward them to the Anti-Phishing Working Group at [email protected], a coalition of security vendors, financial institutions, and law enforcement agencies.

If sensitive information was compromised, contact relevant authorities. For instance, report Social Security number breaches to the Office of Inspector General (OIG) at 1-800-269-0271 or submit an online report. For compromised credit cards or bank accounts, use the contact information provided on the back of your card or bank statements to report the incident.

How can you safeguard against phishing attacks?

  • Ensure your device's software receives regular updates, which can be automated for convenience.
  • Turn on multi-factor authentication for your accounts, so that a stolen password alone is not enough to log in.
  • Exercise caution with links in emails and text messages: hover over (or long-press) a link to see its real destination, and check the sender's full address rather than just the display name before clicking.
  • Regularly back up device data, including essential documents and photos, to safeguard against potential loss.

How can you recognize a phishing email or text message?

Often, telltale signs give a deceptive email away. Key indicators include spelling and grammar mistakes, threatening or urgent language, and requests to click a link, open an attachment, or call a number to resolve a billing problem or claim a refund.

For instance, a phishing email might feature the name and logo of a recognizable company, along with a message regarding an unauthorized charge for a service the recipient likely did not sign up for. Exploiting the common occurrence of unexpected charges for auto-renewals or other services, the scammer aims to grab attention and provoke immediate action.

If you doubt that an email is genuine, contact the company directly. Do not use the contact details in the email itself; look up the company's phone number or website independently so you know you are reaching the real organization.
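Two of the tells this article keeps returning to, a sender address one character off a real domain and a link whose visible text hides a different destination, can be checked mechanically. The script below is an added example, not code from Digimagg or from the original article. Its trusted-domain list, its lookalike heuristics and the sample message are all constructed for the demonstration; the second link in the sample uses the punycode domain xn--pypal-4ve.com, which browsers may render as "pаypal.com" with a Cyrillic а, to show why a punycode label has to be decoded before it is compared with the real domain.

```python
"""Added example (not code from the page): flag a sender domain that is one character off
a trusted one, and links whose visible text names a different host than the real target."""
import re
import textwrap
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"paypal.com", "example-bank.com", "irs.gov"}  # assumed for the demo

# Look-alike substitutions: digits for letters, plus Cyrillic a/e/o/p/c/x for their Latin twins.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a",
                            "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0445": "x"})

# Visible link text that itself looks like a URL or a bare hostname.
URL_LIKE = re.compile(r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/?#].*)?$")


def registrable_domain(host):
    """Last two labels of a hostname (a rough stand-in for the public suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance_one(a, b):
    """True when a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    normalised = domain.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
    tokens = set(re.split(r"[.-]", domain)) | set(domain.split("."))
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]  # catches "paypal" inside "paypal-secure.com"
        if normalised == trusted or edit_distance_one(domain, trusted) or brand in tokens:
            return trusted
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw_message):
    """Return human-readable findings for one message; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    imitated = lookalike_of(sender_domain)
    if imitated:
        findings.append(f"sender domain {sender_domain!r} imitates {imitated!r}")
    # Single-part message assumed; iterate msg.walk() for multipart mail.
    html = (msg.get_payload(decode=True) or b"").decode(msg.get_content_charset() or "utf-8", "replace")
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        try:  # decode punycode (xn--) labels so a homoglyph domain can be compared with the real one
            decoded = host.encode("ascii").decode("idna") if "xn--" in host else host
        except UnicodeError:
            decoded = host
        if decoded != host:
            findings.append(f"link target {host!r} is punycode for {decoded!r}")
        target = registrable_domain(decoded)
        shown = URL_LIKE.match(text)
        if shown and registrable_domain(shown.group(1)) != target:
            findings.append(f"link text shows {shown.group(1).lower()!r} but the link goes to {host!r}")
        imitated = lookalike_of(target)
        if imitated:
            findings.append(f"link target {host!r} imitates {imitated!r}")
    return findings


SAMPLE = textwrap.dedent("""\
    From: "PayPal Support" <service@paypa1.com>
    Subject: Unauthorized charge of $499.99 - verify within 24 hours
    Content-Type: text/html; charset=utf-8

    <p>We noticed a charge you may not recognize. Confirm your identity now:</p>
    <a href="http://paypal-secure.com/verify">https://www.paypal.com/account</a><br>
    <a href="https://xn--pypal-4ve.com/login">Click here if the link above does not work</a>
    """)  # constructed sample, not a real phishing email
```

Calling analyse(SAMPLE) returns five findings: the sender domain paypa1.com imitating paypal.com, the first link showing www.paypal.com while pointing at paypal-secure.com (which also carries the brand name), and the second link being punycode for a Cyrillic-а pаypal.com that normalises to paypal.com. A genuine message from a trusted domain whose link text and href agree returns an empty list. The heuristics are deliberately small (two-label registrable domains, a handful of homoglyphs); a production filter would use the public suffix list and a full confusables table, and no filter replaces contacting the organization through a number you looked up yourself.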