“You’ve just won a FREE cruise!”
“Your package has shipped, click HERE to track it!”
“Your account has been frozen, please click HERE to login and verify your information.”
And just like that, you’re reeled into a phishing scam.
Phishing is a cybercrime where the perpetrator attempts to trick the user into disclosing sensitive information, such as usernames, passwords, credit card information or bank accounts. They accomplish this by posing as a trustworthy organization (Bank of America, Apple, UPS). Recently, we’ve seen an increase in phishing attempts targeting our UVM Medical Center emails, and these scams are becoming harder and harder to identify as fraudulent.
Luckily, there are commonalities found throughout most phishing emails: They almost always contain an inciting message that requires an immediate response, indicating that if you don’t respond, you could be put into a rather unfortunate circumstance. One of my favorite Information Security Professionals, Javvad Malik, has a nice video that highlights the different ways to identify a phishing email. Check it out here:
One of the most important ways to keep your information safe online is to always think twice before giving it out. With our world becoming more connected via the Internet and portable devices, we often find ourselves multitasking and moving from one task to the next. This plays into the phisher’s hands, because a distracted user is an easy target.
Unfortunately, these malicious individuals try to take advantage of the natural human instinct of helping others and cooperating. The next time you receive an email asking you to “confirm your bank account information” or “click here to unlock your account,” ask yourself the one question that my mom always said I asked too much
Legitimate companies will never ask you for information they already have. Also, any links they want you to click should point back to the company’s corporate website. Hover your mouse over the link to confirm that it actually goes to the legitimate webpage. If the company had their customer information compromised, like during the recent Target breach, they will go to extra lengths to make it clear to customers that they are who they say they are. Shortly after the Target breach, we saw a large increase in fake Target emails.
For a great guide on analyzing a phishing email, check out this article on CNET.
Richard Wyckoff is an Information Security Analyst from the Information Security team at the University of Vermont Medical Center. He is currently studying for his Master’s in Information Security and Assurance at Norwich University. To relax, he enjoys going to the park with his wife and their two rescued pit bulls.