No, I didn’t spell it incorrectly. Phishing is the most common type of social engineering attack that occurs today. The main goal of phishing attacks is to obtain personal information such as names, addresses and Social Security numbers.
In short, these criminals use shortened or misleading website links that redirect users to websites that are really phishing landing pages. These malicious links are often delivered to victims in e-mails or text messages, and many contain spelling or grammar errors.
However, they all have the same goal of using fake websites to steal user login credentials and other personal information. A recent phishing campaign used a compromised email account to send out fake emails. The e-mails asked recipients to review a proposed document by clicking on an embedded URL. That URL redirected users to a phishing page impersonating a Microsoft Office 365 login portal where users were duped into providing their login information.
The key to preventing this type of attack is to never click on a link that you aren’t familiar with or that doesn’t come from a trusted source. Over the next few weeks, we’ll look at some common phishing scams for you to be on the lookout for.
- The Government Maneuver
This type of email looks like it originated from a federal body, such as the FBI, and tries to scare you into providing your information. Common messages include, ‘Your insurance has been denied because of incomplete information. Click here to provide your information.’ Or, ‘Because you illegally downloaded files, your Internet access will be revoked until you enter the requested information in the form below.’
- The Friend Tactic
If an unknown individual claims to know you in an email, you are probably not suffering from amnesia. More than likely, it is an attempt to get you to wire him/her money. A variation on this theme is that one of your known friends is in a foreign country and needs your help. Before you send your ‘friend’ money, give them a call to verify. Your true friend’s email contact list was probably hijacked.
Source: www.spyescape.com & www.securitymetrics.com