Phishing is a well-known word amongst information security professionals, and something they deal with on a daily basis. Simply put, phishing is defined as using tricks via digital communication methods to attempt to get unsuspecting people to provide personal information like passwords and account numbers that can be used to break into their online banking, social media, or other accounts.
While many people outside of IT now have at least some idea of what phishing is, they may also have some misconceptions. In this article, we debunk five common myths.
1) Websites With Locks in the Browser are Safe
The small lock icons that appear in the top left of the browser bar when you visit a website only mean that the communication between your browser and the website is encrypted – that an algorithm is used to keep your private information private. Encrypting websites is not limited to lawful businesses, however. Criminals can also encrypt websites, so don’t trust a website just because it has a lock and appears to support encrypted communications.
2) Not Clicking on Links Will Keep Me Safe
Criminal phishers only get the jewels by sending out links that people click on, right? Wrong. Pharming, a first cousin of phishing, is when criminals modify the Domain Name Server (DNS) to redirect you to a fake website that looks exactly like the real one without you knowing. The DNS is what gets you from a domain name or website URL, such as “abcsite.com,” to the site that you want to go to, using a string of numbers associated with that site, also known as an Internet Protocol (IP) address. Because you don’t see any of what goes on behind the scenes, you would not know that the criminal redirected you to a fake website. Criminals can modify the DNS by infecting your computer with malware, hacking your home network router, or compromising a DNS server at your ISP.
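One place malware on your own computer can pin a name like “abcsite.com” to an attacker’s address is the local hosts file, which the operating system consults before asking DNS. The following check, added here as an example and not code from the original article or from LookingGlass Cyber, scans a constructed hosts-file sample and flags any entry that overrides a watched domain (the watched names and the sample addresses are assumptions for illustration):

```python
import ipaddress

# Constructed sample hosts file (not from the article): standard loopback
# entries, a comment, and entries that silently redirect a watched name.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1   localhost
::1         localhost ip6-localhost
# Pharming-style overrides planted by malware
203.0.113.45  abcsite.com www.abcsite.com
203.0.113.45  LOGIN.abcsite.com
192.0.2.10    example.org
"""

# Domains whose resolution should never be pinned by a local hosts file.
# These are placeholder names standing in for the sites you would watch.
WATCHED_DOMAINS = ["abcsite.com", "examplebank.example"]

def _is_watched(hostname, watched):
    """True if hostname is a watched domain or a subdomain of one."""
    host = hostname.lower().rstrip(".")
    for d in watched:
        d = d.lower()
        if host == d or host.endswith("." + d):
            return True
    return False

def find_hosts_overrides(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line_no, ip, hostname) for every hosts entry that pins a
    watched domain to an address. Loopback mappings are ignored because
    local development setups commonly use them; anything else is suspect."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: the resolver will not use it either
        if ip.is_loopback:
            continue
        for hostname in fields[1:]:
            if _is_watched(hostname, watched):
                findings.append((line_no, str(ip), hostname.lower()))
    return findings

if __name__ == "__main__":
    for line_no, ip, host in find_hosts_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} pinned to {ip} (possible pharming)")
```

A router or ISP-level compromise will not show up here; comparing your resolver’s answers against a second, trusted resolver is the complementary check for those cases.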
3) If a Link Isn’t Sent via Email, It is Safe
Several recent studies indicate that criminals are sending fewer phishing emails these days. Knowing that people are learning not to click on links in suspicious emails, criminals are now hiding malware and other viruses in email attachments and compromised mobile applications, as well as distributing them via social media posts, where they can spread like wildfire to thousands of unsuspecting visitors. For example, a criminal may impersonate a popular company like PayPal, and send a fake customer satisfaction survey which requires the target to download an email attachment. When it is downloaded, the file installs malware that is then used to steal personal details as you type them into your browser. Phishing links can also be sent via unsolicited instant messages from criminals posing as customer service representatives, “friends,” or colleagues.
4) Phishing is Primarily Limited to Emails
Rogue mobile apps are essentially a modern-day update on email phishing tactics. Just as they do with traditional email phishing schemes, criminals trick users into clicking links, downloading files, or disclosing personal information based on the false belief that they are downloading a legitimate app or clicking on a safe link within an application or online app store. There are thousands of rogue apps on third-party storefronts outside of official stores like iTunes, GooglePlay, Blackberry Market, Nokia OVI, and the Windows Phone marketplace. When a user downloads a rogue app that has malware or some other unwanted feature, criminals can use this to gain access to all the personal information stored on the phone.
5) If I Don’t Open Attachments, I’m Okay
Download “The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks” to learn more about how you can calculate the impact of phishing attacks to your organization.