Phishing Scams and How to Avoid Them

Phishing attacks have become a common occurrence, targeting both individuals and companies. This social engineering tactic, used by cybercriminals, takes advantage of human interaction to gather information about a person, organization, or computer system by relying on the weaknesses of individuals. The success of the attacker depends on their ability to manipulate their victims into performing certain actions or providing information. If successful, the attacker can use the information gained to obtain what appears to be legitimate, authorized access to private information.

Phishing scams are usually fraudulent email messages that appear to come from legitimate sources, such as an employee, bank, university, or credit card company. The objective of this attack is to trick the individual into surrendering private information. The messages tempt the receiver to respond to the email or direct them to a spoofed website, which then asks for the receiver’s private information, such as passwords or social security numbers. Often, phishing attacks take advantage of current events and certain times of the year, such as major political elections, holidays, natural disasters, or epidemics.

Recently, during the 2017 tax season, there have been numerous phishing scams. The Internal Revenue Service (IRS) has issued a warning to all employers that phishers are targeting school districts, tribal organizations, and non-profits in this W2 phishing scam. The emails ask for the W2 forms, the salaries of employees, and a list of all employees along with their personal information. Since the emails are so well crafted, many employers have fallen for the scam.

Another new phishing scam that many have recently fallen victim to involves Gmail users and their accounts. This intricate attack sends an image of an attachment that seems legitimate, displays “accounts.gmail.com” in the browser’s location bar, and then proceeds to what resembles a legitimate Google sign-in page, which asks the user to input their credentials.

Phishing attacks have three things in common: deceptive web links, logos, and an urgent request. Attackers use variations of a legitimate web address, such as www.gooogle.com or www.lifars.gov, to trick individuals into clicking on the link, hoping they will not notice the extra letter or punctuation mark in the web address.

To avoid being scammed, hover your mouse over a link before clicking on it; a box should pop up showing the web address the link actually leads to. If that web address does not match the one you expect, it is most likely not the organization’s real address. Attackers will often include the organization’s logo to try to make the email look legitimate and convince the receiver that it is genuine.

Phishing emails often include an urgent request or instructions for the receiver to act quickly or else something negative will happen, such as their account being shut down. Avoid replying to emails with your passwords, social security numbers, or other personal information; this also applies to the links sent in the email. Always remain cautious of unsolicited phone calls or email messages asking about private information. If you are unsure whether an email is legitimate, verify it by contacting the organization. Do not use the contact information provided in the email; instead, look at previous statements for contact information. There are also many anti-phishing features offered by your email provider and web browser that you can enable.