Phishing: Are You Safe?

Phishing is a type of cyber attack where you get an email that wants you to click a link and enter a login and password. These emails appear to come from a known bank or from a popular site like eBay.

Back in the old days (5 years ago), such emails used to include a strange reply-to address, misspelled words and bad grammar, but phishers have become more sophisticated in the last couple of years and you can no longer rely on these clues. The only real clue is in the link they want you to click. The URL points to the attacker’s website, which captures your login and password so that he or she can use them on the real site to steal your data.

A newer type of attack, called spearphishing, sends a crafted, targeted email containing so much personal information that you’re likely to believe it’s real. The attacker hopes you’ll click the URL and enter a login/password that he can use to get into other places.

A spearphishing attack goes like this: Suppose you get an email from your child’s school, urging you to create a login and password to sign up for the school’s newsletter. If you’re trusting enough to click the link and enter the same login and password you use for all your other online business, the attacker now has access to your work accounts, bank accounts, Twitter, etc.

But how did the attacker know which school your child goes to? Remember all those photos you posted of your child’s school activities on Facebook? The attacker saw those, too.

To avoid getting phished, always look at the URL before clicking it. Mouse over the link and look at the URL at the lower corner of your screen. If it looks phishy, don’t click it. Go to the site via the usual means through your browser, and log in there.
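The same check can be automated for an HTML message body. The following is an added example, not part of the original article: it lists the host each link really goes to and compares it with the text shown to the reader. The `expected_domains` list and the sample message with its host names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def shown_host(text):
    """Host named in the link text, if the text itself looks like a URL."""
    if " " in text or "." not in text:
        return ""
    return (urlsplit("//" + text.split("://")[-1]).hostname or "").lower()

def audit_links(html, expected_domains):
    """Return (real host, verdict) for each http(s) link in an HTML body."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        host = (urlsplit(href).hostname or "").lower()
        # Match the end of the host: a familiar name further left proves nothing.
        if any(host == d or host.endswith("." + d) for d in expected_domains):
            verdict = "expected"
        elif shown_host(text) not in ("", host):
            verdict = "text-mismatch"
        else:
            verdict = "unexpected-host"
        findings.append((host, verdict))
    return findings

# Constructed sample message body (not from the page).
SAMPLE_EMAIL = (
    '<a href="https://www.ebay.com/help">Help pages</a>'
    '<a href="http://login.example.net/signin">www.ebay.com/signin</a>'
    '<a href="http://ebay.com.account-check.example.org/">Sign in</a>')
print(audit_links(SAMPLE_EMAIL, ["ebay.com"]))
```

Anything other than `expected` is a link to reach by typing the site's address into the browser instead of clicking.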