Phishing, Spear Phishing and Whaling . . . Don't Be Easily Fooled
By: Teresa Mitchell, June Bachman and Wendy Ogryzek ~
There are a number of different types of strategies spammers use in their attempt to steal your personal and private information using email. The best offense is a good defense. Raising your awareness of these strategies is the best way to arm yourself and decrease your chances of falling victim to these spammers.
Phishing, Spear Phishing and Whaling
Phishing is a sophisticated prank of sorts that lures unsuspecting email recipients into divulging sensitive information, such as credit card account numbers, usernames and passwords. Phishing emails look strikingly similar to those used by trusted brands, such as Bank of America, PayPal or eBay. If we bite on the phishing lure, we are directed to a website that looks exactly like the legitimate business website. If we are actually hooked by the phishing scam and enter our username and password, we disclose our sensitive information to the spammer; fraud and forgery are sure to follow.
Spear phishing is target market phishing. The phisher picks specific recipients and then sends that target audience an email using the brand identifiers the audience would be most familiar with. For example, as BECU clients we received a targeted phishing email with the same look and feel as an actual BECU email.
Whaling goes after the really big fish, those who head high-profile companies. Criminals tailor emails with specific information for a particular recipient. This initial email may contain details such as the email recipient’s name and job title. Following contact, the recipient is tricked into opening an attachment that contains code to allow the criminal to gain control of the recipient’s computer.
Remember, trusted brands will never ask you via email to divulge your credit card account numbers, usernames or passwords. In fact, most institutions have a security policy that spells out how your confidential information will be gathered and held in confidence.
April Fool's Day at Google
Pranks, while they can be hurtful, can also be fun and harmless, unless you classify a good laugh as hazardous to your health. The folks at Google came up with a little tongue-in-cheek prank for those of us who are running a little late, or are too far into our critical path of production to meet the deadline, to actually remember to hit the send button on time. Check out Google's Custom Time!
Have you noticed any emails in your inbox that show you as the sender? This is a spoof. Spammers modify the emails they send to hide themselves as the sender. They forge the email “from address” to be the same as the “to address”.
The term virus is most often associated with a variety of maliciously spread maladies such as computer viruses, worms and Trojan horses. While technically they each behave differently, all can potentially wreak havoc with your data, your documents and your computer's performance. Viruses
How to Protect Yourself
Don’t Trust Strangers - If you don’t know the email sender . . . don’t open the email. The same can be said for attachments from senders who you don’t know. If you aren’t certain and do decide to enter your username and password, always enter an incorrect password first. The real website won’t accept the bad password, but a phishing site will.
Check the Links within Emails Carefully - When you receive an email, be certain that any links match the email sender’s domain name. For example, in the PayPal email example, when the link in the email is moused over, the actual webpage where the link will direct you is not on a www.PayPal.com domain name.
Report It – When you receive spammer emails, report them to the following agencies:
Computer Maintenance –
- Keep your operating system up-to-date. Regularly download and run updates.
- Install anti-virus and anti-spam software. Keep them up-to-date.