DON’T GET HOOKED!
How to Recognize and Avoid
PHISHING ATTACKS
Phishing (same pronunciation as fishing) is a form of social engineering that uses email or malicious websites (among other channels) to solicit personal information from an individual or company by posing as a trustworthy organization or entity. Phishing attacks often use email as a vehicle, sending email messages to users that appear to be from an institution or company that the individual conducts business with, such as a banking or financial institution, or a web service through which the individual has an account. The goal of a phishing attempt is to trick the recipient into taking the attacker’s desired action, such as providing login credentials or executing a malicious file.
An attack where fraudsters cast a wide net of attacks that aren't highly targeted.
READ MOREFraudsters send phony emails that appear to come from valid sources in an attempt to trick users into revealing personal and financial information.
| From: | Easy Pay Support |
| To: | ap@yourcompany.com |
| CC: | |
| Subject: | Please pay overdue toll |
Notice to Appear,
Impersonal
Messages
You have not paid for driving on a toll road
and the fee past due
Scare Tactics
The copy of the invoice is attached to this email.
Best Regards,
John Doe,
Easypass Agent.
Imitating a Known Brand
Sender’s Name and Domain Spoof a Known Brand
Compressed Attachments
Unlike mass phishing emails, spear
phishing messages are highly
personalized and will
often reference coworkers' or friends' names.
Common file attachments (.doc, .xls, .ppt, etc.) can contain malicious macros.
Spoofed link text can hide a hyperlink's actual destination to a Spoofed Website.
www.bigbank.com
Links to spoofed versions of well-known websites can look legitimate to the untrained eye. They are used to steal info submitted via forms and/or distribute malware to visitors.
https://www.bankofannerica.com
Short for "voice phishing," vishing uses telephone attacks to solicit unsuspecting victims for financial or personal details.
It can be gathered from social media profiles, providing criminals with sensitive details to make attacks seem more legitimate.
Vishers use fear tactics to con you into thinking your money is in danger and you must act quickly.
Their tactics are "too good to be true" and are a dead giveaway of criminal activity.
Scammers often alter phone numbers/IDs to disguise the real origin of the call.
people have been solicited by scammers claiming to be IRS officials.
With SMS messaging attacks fraudsters send phony texts in an attempt to con you into divulging private information or infecting your phone with malware.
are most likely scammers masking their identity by using email-to-text services.
Spoofed Websites are most likely scammers masking their identity by using email-to-text services.
5000
Dear Walmart shopper, Congratulations! You have just won
a $1000 Walmart Gift Card. Click here to claim your
gift.
www.wmartlick.com
(cancel: reply STOP)
(405) 777-0909
Notice: this is an automated message from Miami University
Community Federal Credit Union. Your ATM card XXX4 0505 has been suspended.
Click this link to reactivate:
bitly.ru/ar f4qwpr zf3290
Smishers are most likely scammers masking their identity by using email-to-text services, unknown numbers or unsolicited messages.
Smishers may use the first few digits of your debit/credit card to pressure a response.
Authentication systems were breached by "smishers" who conned users into resetting their passwords in order to gain access to victims' email accounts.
An attacker secures a victim's email address / phone number from public sources.
The attacker poses as the victim and asks Google for a password reset.
Google sends a reset code to the victim.
The smisher texts the victim with the fraudulent message: "Google has detected unusual activity on your account. Please respond with the code sent to your mobile device immediately."
The victim sends the password verification code to the smisher, thinking that the request came from Google.
The attacker uses the code to reset the victim's password and take control of their account.
Scammers create a replica account and inform victim friends/followers that their previous account was abandoned. Messages are sent to victim friends asking the recipient to click on a link with the aim of collecting personal data, e.g., credit/debit card numbers.
Social network feeds can contain bogus posts that trick users into clicking on a link and providing personal info.
Scammers can pose as a friend/follower and send messages with links to sites that are infected with malware. Even messages from known friends and followers may include links to sites that have been hacked.
Decided to make a new account
Hey! check this out,i cant’t believe
they got this picture of you!!!
bitly.xyz/345Fw041
Ray Thomas
Hey Joe!, You should sign up for this free giveway.
http://bitly.xyz/345Fw041
Admin
Hey Joe!,We notice a security threat on your account.
Would you like to reset your password now?
http://bitly.xyz/345Fw041
Phishers can pose as admins from social networking sites in an effort to gain access to passwords/other account info.
