What is Phishing?

Phishing is the act of masquerading as an online entity (a business, bank, or other legitimate institution) in order to obtain credit card numbers, usernames, passwords, and other sensitive data. This is usually done through email.

To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site, but it actually takes you to a phony scam site or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.


Often these phishing attacks play on the idea that there is a problem with the user's account and that an immediate login is required to fix it. This rushes the user into acting without thinking and without spotting the problems with the email. The user rushes headfirst for the bait cast by the phisher.

The term phishing is a variant on the word fishing; identity thieves dangle something like a fraudulent email and wait for the gullible to take the "bait" and provide things like credit card numbers and important passwords. The ph beginning was picked up from a telephone systems hacking practice referred to as phreaking.


Concerns for Parents

  • Most phishing attempts are not directed at children. Most youngsters don't have credit cards, don't have large bank accounts, and don't even know what a Social Security number is. Since phishers are out to make money, they are going to go for adults and older teens.
  • If you fall for a phishing email and give a fraudulent source sensitive information, your identity will be stolen and could be used to make large purchases, open false bank accounts, launder money or commit other crimes. Credit scores and financial reputation can be seriously scarred by identity theft. In addition to costing you hundreds or thousands of dollars, identity theft issues may take weeks or months to sort out.

How Can I Stay Safe?

  • Be sure your email account has a good spam filter. The easiest way to avoid phishing emails is to never even see them. Set email preferences to filter out unwanted email so that you don't have to determine which emails are legitimate and which are not on a case-by-case basis.
  • Don't give any personal information out in response to an email. Businesses should never ask you to send Social Security numbers, passwords, usernames, or other private information through e-mail.
  • Read emails and websites slowly. Phishers count on their targets being panicked or relaxed enough to overlook the problems in the message.
  • Don't click on links in suspected emails; these are usually fraudulent. Instead, go to the company's home page yourself by typing the true address into the address bar.
  • Don't click on images in suspected emails. They could have hidden scripts which try to access your bank account.
  • Carefully check emails that come during odd hours, such as one o'clock in the morning.


Spear Phishing

Spear phishing means that the scam artist has a specific target in mind when attacking people. This is usually done after the scam artist has successfully phished someone's bank account, Twitter, Facebook, or email. The scam artist searches the newly accessed account for friends and acquaintances to target in the next phishing attack.

A successful spear phishing attack depends on three things:

  1. The email or request appears to come from a known and trusted source.
  2. The email or request contains personal information about the individual receiving the message, strengthening the idea that it came from a trusted source.
  3. The request seems to have a logical reason for being sent.

These attacks are harder to spot because many of the tells of a phishing attempt no longer appear. The sender is someone you know, the email address is correct and therefore won't go into the spam box, and they don't have to type a lot to send a link ("Hey check this out" is all they need). According to the FBI, one thing that keeps people safe in these situations is to manually type any URL directly into the address bar instead of clicking the link. Another way to prevent this is to remember that most companies will not request personal information through an email.

Whaling is spear phishing where the targets are CEOs and other important individuals at companies. Their email and contact information is easily found online, so attacks are common. The real danger comes when a company head falls for the scam and gives the scam artist many important documents about the company and its many employees. A successful whaling attack can expose hundreds of employees' bank account information, Social Security numbers, and much more.

Where Can I Learn More?