Phishing, Spam and Malware
What is Phishing?
Phishing is an attempt, usually via email, to trick a user into revealing personal information such as:
Passwords
Credit card information
Account numbers
Phishing Strategies
Phishers steal information by impersonating a person or organization that you may deal with. They may impersonate your:
IT Administrators
Bank
Credit Card Company
Internet Service Provider
What does a phishing attempt look like?
A phishing email will typically request that you provide some type of account information. Some examples include:
“Your account needs to be updated, please enter your username and password here”
“Your account may have been hacked, please validate your login credentials”
“We have not received a credit card payment, please provide your account number, or you may be penalized”
“Please click here to complete our online form” (Redirects to a website or form that requests your private information)
Key Indicators of phishing
You are asked for your password. Legitimate sources will NEVER ask for your password via email.
The Reply-To or From address is bogus. E.g. “grawtoo@ebizz.ng”
However, phishers often “spoof” or imitate legitimate domains to deceive their targets
The email contains misspelled words.
A link is provided in the email that redirects to a new web page or form.
You are threatened in some way if you do not provide info (account deactivation or deletion).
The phisher is posing as a popular company (Amazon, Google, Facebook, etc.).
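The indicators above can also be checked mechanically, for example by a mail administrator triaging reported messages. The following Python sketch is an added example, not part of the original page: it scans a raw message for a Reply-To domain that differs from the From domain, credential requests, threats and links. The sample message, the function names and the example.com/example.net hosts are constructed for illustration, and the link-text check goes one step beyond the list above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration; example.com/example.net are placeholders.
SAMPLE = '''\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: grawtoo@ebizz.ng
Subject: Your account may have been hacked
Content-Type: text/html

<p>Please validate your login credentials or your account will be deactivated.</p>
<p><a href="http://login.example.net/form">https://www.example.com/account</a></p>
'''

CREDENTIAL_RE = re.compile(r"password|username|login credentials|account number", re.I)
THREAT_RE = re.compile(r"deactivat|delet|penaliz", re.I)
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain(header_value):  # domain of the address in a From/Reply-To header, '' if absent
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def host(url):  # hostname of an http(s) URL, or None if the text is not a URL
    m = re.match(r"https?://([^/:?#\s]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None

def indicators(raw):
    """Return the list of indicators found in a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    # Join all leaf parts; transfer-encoded (base64) bodies are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject") or "") + "\n" + body
    found = []
    # A matching From proves nothing (it can be spoofed); a differing Reply-To is a signal.
    reply = domain(msg.get("Reply-To"))
    if reply and reply != domain(msg.get("From")):
        found.append("reply-to-mismatch")
    if CREDENTIAL_RE.search(text):
        found.append("asks-for-credentials")
    if THREAT_RE.search(text):
        found.append("threat")
    links = LINK_RE.findall(body)
    if links:
        found.append("contains-link")
    # Beyond the page's list: visible link text shows one host, href goes to another.
    if any(host(label) and host(label) != host(href) for href, label in links):
        found.append("link-text-mismatch")
    return found
```

An empty result does not mean a message is safe; the checks only surface the indicators listed above.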
Phishing Example:
What happens if I reply to a phishing attempt?
Your email account can be used to send spam/phishing emails to thousands of people (including all of your contacts).
Your banking or credit card info is stolen, resulting in identity theft.
Your private personal or corporate data is compromised or made public.
What should I do if I receive a possible phishing email?
Don’t reply!
Notify your IT administrator.
Do not click on any links in the email.
Do not open any attachments from suspicious sources.