In this series of blogs on phishing to coincide with National Cyber Security Awareness Month 2015, we will explore the fundamentals of email phishing, starting with the question: what is email phishing?
Email is one of the most ubiquitous forms of communication around the globe. However, this proliferation has been accompanied by a growing number of cyber criminals who use it as a tool for cyber attacks. Email phishing frequently hits the headlines as a popular – and very successful – cyber criminal method of attack.
So, what is phishing exactly?
Email phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords. The most common example is when you receive a fake email that looks like it came from a trusted source (e.g. your bank), but takes you to a forged website that is designed to steal confidential or personal data (e.g. your bank login details).
The UK consumer association Which? found that people receive, on average, up to 20 phishing emails a month. These messages tend to be sophisticated spoofs pretending to be from government departments, banks and major brands, and it’s becoming progressively more difficult for consumers to distinguish between mimics and genuine correspondence.
Phishers often use a wide variety of social engineering ploys to trick their victims into unguarded behavior, such as urging recipients to respond to an email or click on a link immediately by claiming that they will lose something of value (e.g. a subscription or bank account access) if they do not. The danger is that email phishing is becoming more and more sophisticated, so it is increasingly difficult for consumers to distinguish between legitimate and fraudulent emails. To help recipients identify legitimate email, organizations such as Google and Microsoft offer tips for recognizing phishing emails and advice on reporting them to the relevant organizations and authorities.
The second installment of our fundamentals of phishing blog series will appear next week. For more cybersecurity tips, news, and resources highlighting National Cyber Security Awareness Month, follow the #CyberAware hashtag.