Phishing – How to Spot Phishing Messages
Phishing is an attack that uses a fake email, post, tweet, direct message, or website to trick a person into downloading malware or providing sensitive information. Criminals can also use social media to create highly targeted attacks by posing as friends and family, making it difficult for victims to recognize malicious messages.
The goal of phishing is to trick people into providing access to their networks, computers, and financial accounts. This can be done by exploiting a wide variety of human weaknesses. These include greed (for example, emails claiming you have won the lottery or other high-value prizes), obedience (for example, emails from your bank requiring immediate action), fear (for example, messages warning of a virus outbreak) and poor judgment (for example, messages that appeal to emotions).
While most phishing attacks are easy for software programs to detect, they are still hard for people to recognize. This is because most phishing messages are designed to be alarming and to provoke a sense of urgency. To help you identify phishing messages, look for spelling mistakes and improper grammar. In addition, remember that if it seems too good to be true, it probably is.
Another indication of a phishing message is when it comes from an unfamiliar source or at an unusual time. For example, if an email you aren’t expecting arrives during normal business hours or on weekends, it’s likely a phishing attack. A further clue is a link in the email that takes you to an unknown site. Attackers can disguise such a link through a technique called host name obfuscation, where an attacker alters the original URL to connect you to their own server (Ollmann, 2004).