In some of our previous blogs, we discussed what phishing is and the dangers it brings to your cybersecurity. Since January, the bad guys have used Covid-19 to stage phishing scams related to the pandemic. These scams range from offering phony news updates to imitating organizations like the Center for Disease Control (CDC). This blog is the beginning of a three-part series about phishing: how to identify it, how to prevent it, and what to do if you become a victim.
What is Phishing?
Phishing is a type of social engineering. Phishing emails are emails sent to convince people to disclose personal data such as financial info, social security numbers or usernames & passwords. Almost all phishing emails have a link or attachment in them. There are several types of email phishing: “Spear Phishing” targets specific individuals or companies. “Whaling” is spear phishing but directed at senior officials or other high-profile targets. There is also “Clone Phishing” which is when the address and content of a genuine email is copied but the links or attachments of the original email are replaced with false ones.
False Links and Attachments
As we previously stated, almost all phishing emails have a link or attachment in them. If a phishing email contains a link, the link will appear to be from a legit institution such as a bank, government website or a company/vendor a person may use. The goal is to get the person to click on the link which will take them to a fraudulent website, prompting them for personal info like a username and password or social security number.
Phishing emails may also contain attachments in them. The email and its attachment generally claim to have some sort of beneficial information but normally contain spyware, viruses, or other malicious malware. When a person downloads the attachment, malware is downloaded onto the computer. However, the attachment may also be a form to fill out. For example, a person may receive a phishing email that appears to be from their bank. The email may have an attachment disguised as a form for a credit card application which asks for personal info.
There are different types of phishing emails, but they all have one thing in common – to extract someone’s personal data. In our next blog we will discuss certain clues that may indicate if you have been phished such as email requests from a known person but unknown address and the same name emailing you from a different email address.
If you feel that you have been phished in any type of way, Cantrell’s Computer Sales & Service is here for you. Please contact us at 925-827-1200 if you have any questions or if you have been a victim of phishing. We can help you stop the damage. Or better yet, we can help you avoid being a victim of a cybercrime. Contact us if you wish to have a business cybersecurity assessment and dark web scan.