Phishing
Imagine that you get an email one morning. It appears to be from your bank. The email warns that someone broke into your account. It says that you need to sign in to check some things. You click the link in the email. It takes you to a site that looks very much like your bank’s. You enter your username and password. You submit the form. You’ve just been phished!
Phishing is a type of attack that happens over the Internet. Users receive an email or text message that seems like it came from a trusted source. These users are being deceived. They are interacting with dangerous hackers. The attackers copy trusted companies. They send users to web pages that look like the ones we use everyday. When users login or provide sensitive information, the attackers steal this data.
Attackers want your data for many reasons. They may use your data to commit identity fraud. This is when they use your identity to buy something with your credit. Then they receive the goods and you receive the bill. Or they may want your password to take over a computer network. They may want access to private emails. They may want customer records. They gain access by tricking people into giving them their login info.
Some phishing attacks are targeted. A targeted phishing attack is called a spear phishing attack. These attacks are dangerous because they are convincing. The attacker may know the target’s name, address, or job title. They may have gathered info from social networks, like the names of friends or family. The attackers may use this personal information to craft a believable email. The target will be tricked into clicking a link. The link will send them to a phony website. This site will look familiar, but it will be a spoofed site built to steal data. Any data that the target submits will go to the hacker.
Phishing attacks are dangerous, but you can spot them if you pay attention. One thing to watch is your address bar in your browser. Attackers use domains that look like the ones that we trust, but they are not the same. For example, in 2016 staffers from Hillary Clinton’s campaign were spear phished. The attackers used the domain accounts-google.com. That domain looks like google.com, but it isn’t the same. When logging into google, you should always do it from google.com. Likewise, when logging into any account, make sure the address matches what you expect. If you are unsure, search for the site and login from the root domain.
An even better way to secure your account against phishing attacks is to use 2FA: two factor authentication. 2FA means that your account is secured with two keys. The first is your password. The second key is a random code that changes every few minutes. This code may be generated by a 2FA app, like Authy. Or it can be sent to your cell phone on request. If you activate 2FA on your accounts, an attacker will not be able to get in even with your password.
Phishing attacks are scary and common. The reason why they are common is that they are effective. Many people accept appearances without suspicion. Browsing the Internet safely requires a healthy amount of suspicion. Not everything is what it appears. Nobody is trying to give you free money. Don’t trust; verify.
