What is a phishing attack?
A phishing attack is a form of social engineering by which cyber criminals attempt to trick individuals by creating and sending fake emails that appear to be from an authentic source, such as a business or colleague. The email might ask you to confirm personal account information such as a password or prompt you to open a malicious attachment that infects your computer with a virus or malware.
Phishing emails are the most common online cyber threat, and that is why it is important to be aware of the tell-tale signs and know what to do when you encounter them.
The following is an example of a phishing email, along with an explanation of the tell-tale signs:
Email Example
Subject: Low Cost Dream Vacation loans!!!
Dear John,
We understand that money can be tight, and you may not be able to afford to go on vacation this year. However, we have a solution. My company, Easy Banking and Trust is willing to offer low cost loans to get your through the vacation season. Interest rates are as low at 3% for 2 years. If you are interested in getting a loan, please fill out the attached contact form and send it back to us. We contact you within 2 days to arrange a deposit into your checking account. Please email your completed form to EasyLoans@worldbankandtrust.com.
Your dream vacation is just a few clicks away!
Dr. Eugene Gotcha
World Bank and Trust
177a Bleecker Street, New York, NY10012
What did you notice in the Email Example?
In this email, you can see that the scammer wants to give us a low-cost loan with no credit check. They say we just need to send them our information and they will give us money, right? Not only does it seem too good to be true, but also when you hover the cursor over the email address to examine it further, you see that the link has a different destination. It is the email address of the attacker.
Lastly, if you notice the name of the person sending the email, you will notice Dr. Eugene Gotcha. Don’t let the bad guys be able to say they “Gotcha”!
It is often the case that a phishing email will come from an address that appears to be genuine. Criminals aim to trick recipients by including the name of a legitimate company within the structure of email and web addresses. If you only glance at these details they can look very real, but if you take a moment to actually examine the email address you may find that it’s a bogus variation intended to appear authentic, for example @mail.airbnb.work as opposed to @Airbnb.com.
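The two checks described above (a displayed address whose link goes somewhere else, and a sender domain that borrows a company name) can be automated in a mail filter or training tool. The following is an added example, not part of the original article; the TRUSTED table, the function names and the example.net destination are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: brand keyword -> the domain that brand really sends from.
TRUSTED = {"airbnb": "airbnb.com"}

def address_domain(address):
    """Domain part of 'Name <user@host>' or 'user@host', lower-cased."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower().rstrip(".")

def target_domain(href):
    """Domain a link really points to (mailto: or http(s):)."""
    parts = urlsplit(href)
    if parts.scheme == "mailto":
        return address_domain(parts.path)
    return (parts.hostname or "").lower()

def lookalike_brand(from_header, trusted=TRUSTED):
    """Return the brand named in a sender domain it does not own, else None."""
    domain = address_domain(from_header)
    for brand, real in trusted.items():
        # Owned means the real domain itself or a true subdomain of it.
        owned = domain == real or domain.endswith("." + real)
        if brand in domain and not owned:
            return brand
    return None

def link_mismatch(shown_address, href):
    """True when the address shown differs in domain from the link target."""
    return address_domain(shown_address) != target_domain(href)

if __name__ == "__main__":
    # Constructed samples; example.net stands in for the hidden destination.
    print(lookalike_brand('"Airbnb" <noreply@mail.airbnb.work>'))
    print(lookalike_brand("Airbnb <noreply@Airbnb.com>"))
    print(link_mismatch("EasyLoans@worldbankandtrust.com",
                        "mailto:collect@example.net"))
```

A match from either function is a reason to report or delete the message, not proof on its own; a real deployment would maintain the trusted list per organization.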
Remember, these cyber criminals will look to take advantage of the trusting nature of a human being with these phishing attempts. Whenever you doubt the legitimacy of an email, just throw it out (delete it!).