Phishing
A consistent threat that slips under the radar
Phishing: The practice of sending emails posing as a reputable companies in order to lull users into revealing personal information to a user with malicious intent, such as stealing the information revealed for their own personal gain. Phishing works by sending messages that appear to be from legitimate, reputable companies or persons. It is exceedingly common for these messages to contain links to fake websites. These links lead to websites mirroring or impersonating actual websites from legitimate sources. This is done to lull the user into a false sense of security so there is a greater likelihood that they will enter their personal information attached to that site where said credentials will be collected automatically once entered.
If a phishing link is clicked, there are immediate steps one should take to prevent further access to sensitive data. Should any account information be exposed, attempt to reset the password immediately to lock out unwanted access from outside users as quickly as possible. If the password used on the compromised account is shared by any other accounts or websites, change the password there as well.
If the device was provided as a part of an organization, notify the I.T. Department or other support personnel. It is also recommended for the organization in question to run a virus scan on the system, deleting any malware or other malicious software that could have been installed due to the breach.
Other common forms of Phishing: Text Message Scams
Phishing attempts are not confined to emails and infect every corner of the web.
Phishing attempts are seen in every aspect of communication. Emails, phone calls, and text messages are filled with attempts to steal user data. These images (above) are examples of phishing attempts sent via text message. There are multiple warning signs to watch out for that are present in these messages. The messages begin by addressing a generic customer, no name or account number is provided or any other proof that the sender is truly from PayPal as the message body suggests. In addition, the message prefaces "customer" with a seemingly random string of letters with no reason as to why they are there. To continue, the link provided in the message is in no way connected to PayPal and has no mention of it in the URL, instead linking to an unknown third party that will presumably ask the user to enter personal information relating to a PayPal account. In the image on the left, the sender of the message is seen, with the message being sent from a convoluted and unknown user which is a major red flag in itself. Nowhere in the sender's address does it mention PayPal, and the email address does not contain "@paypal.com", the domain that all PayPal emails are connected to.
