You always hear about phishing emails, but what are they and what are they trying to do? With phishing, the attackers' goal is to commit identity theft. Phishing is an attempt, carried out through electronic communication by hackers masquerading as a trustworthy entity, to get sensitive information such as login credentials, account numbers, Social Security numbers, or other private information. Identifying a phishing email used to be easy: it was generally littered with poor grammar and other telltale signs. The attacks have since become much more advanced and sophisticated, and hackers can now purchase toolkits to create high-quality phishing attempts. In the 2015 Symantec Internet Report, it was estimated that as many as 1 in every 965 emails was a phishing attack. Despite all of this, there are preventive measures to keep yourself and your information safe! Let's look at an example:
In this example, we can spot some immediate telltale signs of a phishing email. The first sign is the generic salutation: "Dear Client," "Dear Customer," and "Dear Staff/Students" are all examples of generic salutations a phishing attempt might use.
Another important feature, and telltale sign, is a link in the email that leads to a malicious website. This is how the attackers aim to get your information. You can tell whether the link is malicious by hovering your cursor over it; if the pop-up box shows a sketchy-looking address, don't click!
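As an added illustration (not part of the original article), the Python code below applies the two checks described above to an HTML message body: it looks for the generic salutations listed and reports where each link really leads, flagging links whose visible text names a different site. The function names, the sample message and the example.* domains are constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Generic greetings taken from the article's examples.
GENERIC_SALUTATIONS = ("dear client", "dear customer", "dear staff", "dear student")
# Link text that itself looks like a web address, e.g. "https://www.example.edu/account".
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?::\d+)?(?:/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, visible text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def real_host(href):
    try:
        return (urlsplit(href).hostname or "").lower()
    except ValueError:  # malformed address
        return ""
def bare(host):
    return host[4:] if host.startswith("www.") else host

def review_email(html_body):
    """Return (kind, detail) findings for one HTML message body."""
    text = re.sub(r"<[^>]+>", " ", html_body).lower()
    findings = [("generic-salutation", p) for p in GENERIC_SALUTATIONS if p in text]
    collector = LinkCollector()
    collector.feed(html_body)
    for href, label in collector.links:
        real, shown = real_host(href), URLISH.match(label)
        if shown and bare(shown.group(1).lower()) != bare(real):
            findings.append(("link-mismatch", f"shows {shown.group(1).lower()}, goes to {real}"))
        else:  # the destination that hovering over the link would reveal
            findings.append(("link-target", f"{label!r} goes to {real}"))
    return findings

# Constructed sample message (not a real phish); example.* domains are placeholders.
SAMPLE = """<p>Dear Customer,</p>
<p>Your mailbox is full. Verify at
<a href="http://login.example.net/verify">https://www.example.edu/account</a>
or <a href="https://www.example.edu/help">contact support</a>.</p>"""
```

Calling `review_email(SAMPLE)` returns one salutation finding, one mismatch for the link that displays one address but points to another, and the true destination of the "contact support" link.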
If you happen to fall for a phishing attack and give out information or click on a link, please follow these steps: immediately delete the email, change your password, and scan your system for viruses and spyware. Report the situation to your Service Desk as soon as possible.
To report a phishing attack, please send an email containing the suspected phishing attempt to email@example.com. To attach the phish, compose an email, insert the phishing attack email by dragging it into the new email window, and then send it. Delete the phishing email after forwarding it.
For additional resources, please check out:
- RIT Information Security Phishing page: https://www.rit.edu/security/content/phishing
- RIT Information Security Identity Theft page: https://www.rit.edu/security/content/identity-theft
- Business E-mail Compromise: https://www.ic3.gov/media/2015/150122.aspx
- FTC Recovering from Identity Theft: http://www.consumer.ftc.gov/features/feature-0014-identity-theft
- SonicWALL Phishing IQ Test: https://www.mysonicwall.com/sonicalert/sonicalert.aspx
- Millersmiles.co.uk—the web’s dedicated anti-phishing service: http://www.millersmiles.co.uk/