They're phishing, what's the strategy?

Welcome to the first post in our "no bull" email security series.

Phishing. Funny name. Serious topic.


“Phishing” involves the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal information or installing a virus. The fraudsters who collect this information then use it to steal your money or identity or hold your data to ransom.

When fraudsters go on “phishing” expeditions, they lure their targets into a false sense of security by hijacking the familiar trusted logos of legitimate companies. A typical phishing scam starts with a fraudster sending out millions of emails that appear to come from a high-profile financial services provider, government agency or shipping company.

The email will usually ask you to provide valuable information about yourself, to “verify” information that you previously provided when you established your online account, or to download infected files. To maximize the chances that a recipient will respond, the fraudster might employ any or all of the following tactics:

Names of Real Companies — Rather than create a phony company from scratch, the fraudster might use a legitimate company's name and incorporate the look and feel of its website (including the color scheme and graphics) into the phishy email.

“From” an Actual Employee — The “from” line or the text of the message (or both) might contain the names of real people who actually work for the company. That way, if you contacted the company to confirm whether “Jane Doe” truly is “VP of Client Services,” you’d get a positive response and feel assured.

URLs that “Look Right” — The email might include a convenient link to a seemingly legitimate website where you can enter the information the fraudster wants to steal. But in reality the website will be a quickly cobbled-together copy-cat — a “spoofed” website that looks for all the world like the real thing. In some cases, the link might lead to select pages of a legitimate website — such as the real company’s actual privacy policy or legal disclaimer.

Urgent Messages — Many fraudsters use fear to trigger a response, and phishers are no different. In common phishing scams, the emails warn that failure to respond will result in your no longer having access to your account, or in excessive fees if you delay. Other emails might claim that the company has detected suspicious activity in your account or that it is implementing new privacy software or identity theft solutions.
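For readers who filter or triage mail, here is an added example (not part of the original post) of checking a message body for two of the tactics above: links whose visible text names one site while the link goes to another, and urgency wording. The phrase list, the `trusted_domains` parameter and the sample message are assumptions made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, illustrative phrase list based on the "Urgent Messages" tactic.
URGENCY = ("suspicious activity", "verify your", "account will be suspended",
           "no longer have access")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Return the lowercase hostname in a URL or in bare 'www.example.com' text."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()

def review_email(html_body, trusted_domains):
    """List findings; trusted_domains (hypothetical) holds the real company's domains."""
    findings, collector = [], LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = host_of(href)
        trusted = any(target == d or target.endswith("." + d) for d in trusted_domains)
        if not trusted:
            findings.append(f"link goes to untrusted host: {target}")
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # a hostname in the link text
        if shown and host_of(shown.group(0)) != target:
            findings.append(f"text shows {shown.group(0).lower()} but link goes to {target}")
    lowered = html_body.lower()
    findings += [f"urgency phrase: {p}" for p in URGENCY if p in lowered]
    return findings

# Constructed sample message body (not a real email); .example domains are reserved.
SAMPLE = ('<p>We detected suspicious activity. Please verify your details at '
          '<a href="http://examplebank.account-check.example/login">www.examplebank.example</a>.'
          ' See our <a href="https://www.examplebank.example/privacy">privacy policy</a>.</p>')
```

The second link in the sample points at the real site's privacy policy and raises no finding, which is why one legitimate link in a message says nothing about the others.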

If you are not sure what a phishing email looks like, we encourage you to read a few examples at the following website: http://netforbeginners.about.com/od/scamsandidentitytheft/ig/Phishing-Scams-and-Email-Cons/

#emailsecurity #phishing
