Phishing: Know Your Terms

Establishing a simple line of trust between people is commendable, for it’s no easy task to accomplish.

The art of phishing seeks to mirror this action through the form of deception with the intention of acquiring an individual’s personal information. Phishing is most commonly seen in the form of emails where it adopts the guise of a familiar and legitimate entity such as a financial or educational institution. It goes the extra mile by including features that can be identified with the respective institution whether it is through logos, signatures or specific phrases.

The wording of the email itself will always be presented with a sense of urgency and allude to a situation that needs to be immediately addressed , from compromised passwords to bank account numbers and credit card information that needs to be verified. A link is also provided that when clicked can either download malware unto the individual’s device or redirects them to what is called a spoof website. Following in the footsteps of the email, a spoof website attempts to appear genuine with the same design, logo, etc as the original website.

If individuals comply with entering their personal information when prompted, they will be subjected to consequences based on the information entered such as a major loss of income, identity theft, divulging of personal data and compromised business networks. In the long term these circumstances are disastrous, long lasting and sometimes irreparable.

Phishing can vary in complexity depending on the individuals that are being targeted.

Spear Phishing

Spear Phishing, while employing the exact tactics as phishing, targets specific individuals or organizations and tailors the emails to suit. More effort is injected into spear phishing as the medium of pretense may come in the form of an employee of an affiliated company, a contractor seeking to pursue a business deal or even an employee within the same company.

Whale Phishing

Moving further up the rung of the business ladder, whale phishing sets its sights on employees in senior management positions and the sensitive data they have exclusive access to. Extensively detailed research is conducted on personal relationships, routines, business associates and company ventures, all in an attempt to produce an extremely compelling issue that can only be resolved when sanctioned at the highest level. As a result, whale phishing attacks are less likely to be identified over its other counterparts.

Successful phishing attacks depend on the target to make an emotional decision that wouldn’t usually be made under normal circumstances. Paying close attention to the wording of emails can help in identifying a number of phishing attacks as they are known to have misspelt words and incorrect grammar.

Likewise, spoof websites are identified in the same manner with regards to the domain name and text on the website itself. Confirming that the website is encrypted has also been a viable method that is encouraged. However, there have been instances where legitimate, encrypted websites have also been hijacked to carry out phishing schemes, making it all the more difficult to distinguish friend from foe. When all else is in question, the simplest solution is often the most effective. Contacting the relevant parties and companies and/or researching their existence can offer a straightforward solution to the tangled forms that phishing attacks masquerade as.