You have probably heard the term phishing once, twice or many times, as it is becoming more and more common these days. If you find yourself wondering what exactly this term means, you are not alone, and you are in safe hands, because the purpose of this article is to explain phishing in very simple terms.
By definition, phishing is the process of obtaining personal information from people by tricking them into thinking they are providing this information to a legitimate party, such as their bank or employer, when in fact the information is being received by criminals.
Phishing starts with a hacker identifying what kind of internet users to target. Let us say, for example, that Zanaco has a website where customers can do their online banking. To gain access, a customer enters their username and password, which are validated against a central database owned by Zanaco; if everything is correct, the user is logged in and has access to their account. A hacker will make a duplicate of that login screen and set up another website that looks exactly like the real thing but connects to his own database. On this database, he has some software running that collects the information that people send.
The next step, which most of us are familiar with, is an email that appears to come from the real source. In our example, one would receive an email that looks as if it was sent by someone at Zanaco, telling the user to click on the provided link. Once the user clicks this link, the hacker will watch out for information such as the username and password, and can then log on to your account. Other hackers will go beyond that and actually log you into a website that still looks like your bank's, where you can update all your other personal information while he or she sits back and records it.
Note that phishing is not limited to banking. It can be applied to many other services that involve your personal data, such as your Yahoo email, your Facebook account, your phone service and many others.
So what can you do to avoid being a victim of phishing?
The simplest and best way to protect yourself from phishing is to not trust emails. If you get an email telling you there is something wrong with your bank account, chances are it is a fake. Today, most well-implemented online banking services have messaging systems within their portals; all you have to do is log on directly to the bank website, and if there is a message for you, it will be there in the messaging center. Banks rarely send emails about account information to their customers.
If you are suspicious of an email you receive, always remember that you can pick up the phone and call your bank or whatever service provider the email claims it is from in order to verify it.
The key is to remember that not every email is legitimate and not every link you see is real. The internet is vast; be careful and enjoy.