A Brief Phishing Overview


Most individuals who work with computers know about phishing. They may realize that it’s a rather insidious way for a hacker to try and access your data. Phishing can cause data theft, leading to identity theft and other headaches.

You want to avoid identity theft and hackers accessing your work or home computer. At home, a hacker who spearheads a successful phishing attack might steal your bank account information and private photos. In a workplace environment, they might walk away with all of your employees’ social security numbers or your clients’ credit card numbers.

You don’t want that to happen, so it pays to stay ready for phishing attacks and know how to repel them. Let’s talk about what a phishing attack looks like and what you can do to identify one.

What Exactly is Phishing?

Phishing is not usually the most sophisticated method a hacker can use to try and hack your system. However, these attacks work more often than you might expect. Last year, the FBI fielded more than 240,000 phishing-related complaints. You can imagine the time and resources they had to expend looking into all of those.

A phishing attack is a specific cybercrime. Someone poses as a trusted entity, like a bank representative, a work colleague, someone from the Internal Revenue Service trying to get in touch with you, a phone company, etc.

They often try to reach out to you through email. There are various ways they can get your email address. Once they have it, nothing prevents them from composing and sending you a phishing email that they want you to open. What the hacker loves even more than that is if you open an attachment they send along with the email.

If you feel like the email comes from a legit entity, you might open it and the attachment without thinking very hard about it. When you do, you can unleash malware into your system. The hacker can instantly start looking through your software to see what kind of information they can steal and exploit.

How Can You Stop Phishing Attacks?

Some people in the IT world call phishing attacks passive attacks. That is the opposite of an active or brute-force attack, where a hacker actively tries to break into your software suite and then rummages around, looking for any data or secrets.

Once they have those, identity theft is possible, but the hacker can also try to hold your data for ransom. That’s what the FBI has to deal with so often every year.

A secure email gateway is your first defense against a phishing attack. Your gateway can usually identify an email that doesn’t look or feel right. The gateway can first see if the email comes from a trusted sender. If it doesn’t, the gateway will immediately send the message to the junk email box.

You can usually simply trash everything in that box, though you should glance through it before you do. Every once in a while, a legitimate communication ends up in your junk email box, such as a tracking number for something you ordered.

What Else Can You Do?

Even if your spam filter correctly identifies most phishing attack emails, there will be times when one sneaks through and lands in your inbox. Maybe this happens at work, or perhaps you’re at home.

For the most part, there is never a reason to open an email from a source you’re not sure about or can’t immediately identify. It’s not too likely the IRS will try to contact you by email, and a Saudi prince certainly has no reason to do so.

Still, if you’re not sure about an email, the subject line should have a preview of the content inside. You can look at that preview before opening the email. If you see a garbled string of numbers, symbols, and letters, that’s not legitimate communication that you’d ever need to open. If you see a bunch of misspellings and unnecessary capitalization, those are dead giveaways as well.

If you’re not sure about an email, it’s better to toss it without opening it. If you do open it, then never download and open an attachment that comes with it. If you merely open the email, you might still conserve your data and block this type of passive hacker attack. If you download and open the attachment, that can be the way the hacker runs amok within your system.
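As an added illustration (not code from the original article), here is a small Python triage script that applies the checks described above: the gateway's trusted-sender test, then the garbled-subject, unnecessary-capitalization, and attachment warning signs. The allowlist, thresholds, flag names, and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a site-maintained allowlist of sender domains (constructed values).
TRUSTED_DOMAINS = {"example-bank.test", "corp.example"}

def triage(raw, trusted=TRUSTED_DOMAINS):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    # Gateway step: does the From: address belong to a trusted domain?
    # From: is easy to forge; real gateways also check SPF/DKIM/DMARC results.
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() not in trusted:
        flags.append("untrusted-sender")
    subject = msg.get("Subject", "")
    # Garbled subject: a large share of digits and symbols (threshold assumed).
    visible = [c for c in subject if not c.isspace()]
    if visible and sum(not c.isalpha() for c in visible) / len(visible) > 0.4:
        flags.append("garbled-subject")
    # Unnecessary capitalization: most words are written entirely in capitals.
    words = re.findall(r"[A-Za-z]{2,}", subject)
    if len(words) >= 3 and sum(w.isupper() for w in words) / len(words) > 0.6:
        flags.append("shouting-subject")
    # Attachment: any MIME part that carries a filename.
    if any(part.get_filename() for part in msg.walk()):
        flags.append("has-attachment")
    return flags

def verdict(raw):
    """junk for an untrusted sender; review for any other sign; else inbox."""
    flags = triage(raw)
    if "untrusted-sender" in flags:
        return "junk"
    return "review" if flags else "inbox"

# Constructed sample messages (not real mail).
LEGIT = ("From: Alerts <alerts@example-bank.test>\n"
         "Subject: Your monthly statement is ready\n\nHello.\n")
PHISH = ('From: "IRS Refund" <refund@irs-payments.invalid>\n'
         "Subject: URGENT ACTION REQUIRED: CLAIM YOUR REFUND NOW\n"
         'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
         "--b1\nContent-Type: text/plain\n\nOpen the attached form.\n"
         "--b1\nContent-Type: application/octet-stream\n"
         'Content-Disposition: attachment; filename="refund_form.zip"\n\n'
         "placeholder\n--b1--\n")

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("PHISH", PHISH)):
        print(name, verdict(raw), triage(raw))
```
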

Phishing Attack Training

You’d think that phishing attacks would not work against that many people if they know about them and expect them. Still, phishing attacks work more often than you might imagine, even in work environments where you’d expect more care and savvy from professionals.

You can conduct annual phishing seminars at your workplace. Make attendance mandatory. Some might roll their eyes when they have to attend, but it never hurts to remind everyone to watch out for email senders they don’t recognize and to never open anything that looks remotely suspicious.

You should also ensure everyone in your business entity knows about spear phishing. Spear phishing is another, slightly different attack form.

With spear phishing, a hacker will impersonate someone you know because they’ve gotten into your contact list. The email might seem legit. You open it because you recognize the name on it, and you don’t immediately see any glaring typos.

The hacker will then ask for money. If you have someone contact you out of the blue demanding money for some dubious-sounding cause, you should be suspicious about that. If you think there’s any chance that this is a legit solicitation from that person, you might call them. Don’t send any money without thinking about it, or you may regret it afterward.

If you know that phishing attacks happen often in both home and professional settings, you’ll learn to watch out for them. It pays to stay wary when you conduct yourself online, and phishing attacks are one of the prime reasons why.