Phishing
Unlike regular spam, which merely sends out unsolicited emails advertising unwanted products or services, phishing emails are scams aimed at tricking people into handing over confidential information, such as bank account or credit card numbers, or usernames and passwords for online services such as those of financial institutions.
Although some of these phishing attacks can be spotted very easily, most of the cyber criminals behind them go to great lengths to make the email appear as if it came from the chosen institution, so that the recipient is enticed to click on the link within the message. This link will take them through to a phishing website, which to the untrained eye often looks like the real site.
These messages typically state something along the lines of the institution undergoing a major software upgrade, which requires all users to log in and confirm their details for their account to stay active. Obviously, this elaborate ploy is just a data-gathering exercise, allowing the criminals to use this information for their own financial gain.
Since various systems have been put in place to attempt to reduce the effectiveness of these attacks, such as spam filters, notices on bank websites, and greater public awareness through the media, the cyber criminals have moved the game on again with what has become known as ‘spear phishing’. This is simply where they aim the phishing attacks at a select number of users.
Spear phishing has occurred where these criminals gained access to lists of customers of particular banks, eBay customers, etc. In one such case, emails targeted users within an individual company, with the senders posing as a database supplier offering an upgrade to the latest version. All the users had to do was log into the website with their corporate username and password to become eligible for the supposed update.
These spear phishing attacks can be much harder to spot than normal spam or even regular phishing attacks due to their greater relevance to the user, and spam filters will rarely pick up on them either.
To avoid falling victim to any of these scams, it is strongly advised that users apply common sense when using the internet. They should never click on a link within an email, and if they receive something prompting them to log into a secure service of theirs, they should browse to that site themselves. Under no circumstances will any financial institution or online service prompt a user to provide all of their information again simply to keep an account open.
© Copyright 2005-2008 rdweb.co.uk. All rights reserved.