Security threats come in all shapes and sizes. You’ve probably heard of viruses, trojans, keyloggers and, more recently,. Want to know what they all have in common? They can all be the result of phishing.
The word itself is a homophone; hackers use bait — usually in the form of a seemingly legitimate file or link — to “phish” for victims. And because this bait is usually spread via email, it’s hard for security software to, er, philter out. That’s what makes it so pernicious.
A sad example of a business ‘phished’
True story: A couple years back, my brother-in-law’s business was breached by ransomware. This horrific code encrypted nearly every data file — Word documents, Excel spreadsheets and so on — and literally held them for ransom. If he wanted his data back, the price would be $700.
According to a security pro hired to help, the ransomware got in when one of the owners opened an email attachment marked “My resume” — a seemingly harmless action, especially given that the company was, in fact, actively hiring.
Phishing can also result in identity theft and even. But wait, isn’t security software supposed to protect you from such threats? It is, but that’s what makes phishing so devious: It arrives as seemingly harmless-looking email and cajoles or frightens you into action — usually clicking a link or opening a file. And often that’s all it takes.
While many people are well acquainted with this practice and know what to look for, I suspect there are plenty of folks who still fall victim. Heck, I consider myself an expert at phishing avoidance, yet I’ve had occasional momentary lapses that almost got me to click a fraudulent link.
How to spot a fake email
Below I’ve shared an actual email that shows some telltale signs of phishing fakery. Note that because I’m a PayPal user, the email certainly caught my attention — at least initially.
- Like many people, I have several email addresses. But this message came to an address that isn’t linked to my PayPal account. What’s more, the “To” field is blank, an obvious sign it didn’t actually come from PayPal.
- Bad grammar and spelling are telltale signs of phishing. Big companies hire professional copywriters (and editors) for email communication.
- My name is[…]
# # #
Continue reading this article.