Phishing is a technique used to trick users into giving up their usernames, passwords, and/or PINs.
How is is done:
Fake websites, emails, and phone calls are some of the most common forms of phishing. These methods are designed to imitate a legitimate source in order to trick users into clicking a link, downloading a file, or giving away credentials. Cybercriminals can use phishing websites in order to install malicious software on computers or obtain the username and passwords of users.
What to watch for:
- Spelling or grammatical mistakes - emails from large corporations or businesses are unlikely to contain spelling or grammatical errors. If an email you receive claims to be from a well-known source but has clearly not been spell-checked, then it is likely to be a phishing message.
- Here is a useful guide by Microsoft to identify the authenticity of emails sent by them: https://www.microsoft.com/security/online-privacy/msname.aspx
- You can double-check whether a link is valid and will take you to the intended location, by hovering your mouse over the link to see the address. If the address does not match the link, then it is not safe to click on.
- Threats are often used in phishing messages to create a sense of urgency and fear in the user and cause them to act quickly. For example, a message could be sent by a cybercriminal that appears to be from Microsoft, claiming that Windows has not been activated and that your computer will be shut down and bricked if you do not follow the link.
- Receiving an email with information regarding a free round-trip vacation or a $1000 gift card is grounds for caution. Most of the time, these emails will contain information that would seem appealing to anyone. That is part of the persuasion method used by the criminals to get the user to click on the link or download the attachment, which should never be done in emails such as this, to expose personal information. It is highly advised to delete emails like these to avoid any chance of accidentally clicking on a malicious source.
- This information was obtained through Microsoft’s security website. For more information please visit https://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx