Phishing: what is it?
Briefly, phishing is any fraudulent communication designed to deceive you into revealing private information or exposing a vulnerability in your phone, computer, etc. The goal of the phisher is generally to use that information to their benefit and your detriment, by doing one or more of the following:
- Selling your information to marketers acting in bad faith.
- Installing malware on your machine.
- Using your machine to infiltrate your company’s network.
Some red flags to look for:
- Link manipulation. The portion of a URL after the last period is the domain extension. Hover the mouse cursor over a link to ensure that the domain extension of the actual URL matches the domain extension shown in the link text. On an iOS device, tap (don’t press) and hold the hyperlink for a few seconds to display the URL target.
- Malicious attachments. The extension after the last period reveals what kind of document an attachment is. For example, Business Plan.pdf.xlsx is xlsx (Excel), not pdf (Adobe). Be wary of attachments you are not expecting.
- Cloned email. Watch for substitutions like 0 for o, misspellings, odd domain extensions.
- Other warning signs:
  - Unfamiliar Reply-To or From address
  - Asks for password, other confidential information
  - Link redirects to unknown website
  - Generic greeting
  - Offer too good to be true
  - Creates a sense of urgency
  - Misspellings, bad grammar
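The three mechanical checks above (link text versus real target, the attachment's real extension, and digit-for-letter lookalikes in a domain) can be automated. The following is an added example, not code from the original page: it runs those checks over constructed sample links and attachment names. It goes slightly beyond the page's "domain extension" rule by also comparing the full hostname of the link text against the hostname of the real target, which catches a target like `example.com.evil-domain.test` even when the extension happens to match. The sample values and the `DOCUMENT_LIKE` set are assumptions made for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed sample data (not from the original page):
# each link is (text shown to the reader, actual href target).
SAMPLE_LINKS = [
    ("https://www.example.com/login", "https://www.example.com/login"),
    ("https://www.example.com/login", "http://example.com.evil-domain.test/login"),
    ("Click here", "https://g00gle.example.test/"),
]
SAMPLE_ATTACHMENTS = ["Business Plan.pdf.xlsx", "invoice.pdf"]

# Extensions that look like harmless documents; a file named x.pdf.xlsx is
# trying to pass the first one off as its real type. Assumed list.
DOCUMENT_LIKE = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def host_of(url):
    """Lowercase hostname of a URL, or None when the string has no host."""
    parsed = urlparse(url.strip())
    return parsed.hostname.lower() if parsed.hostname else None


def domain_extension(host):
    """The page's 'domain extension': everything after the last period."""
    if not host or "." not in host:
        return None
    return host.rsplit(".", 1)[-1]


def link_mismatch(display_text, href):
    """True when the link text names a host other than the real target.

    Returns None when the text is not itself a URL (e.g. 'Click here'),
    since there is nothing to compare; the reader must hover instead.
    """
    shown = host_of(display_text) if re.match(r"^\s*\w+://", display_text) else None
    target = host_of(href)
    if shown is None or target is None:
        return None
    return shown != target or domain_extension(shown) != domain_extension(target)


def effective_extension(filename):
    """Return (extension that counts, double-extension flag).

    Only the text after the LAST period decides the file type, so
    'Business Plan.pdf.xlsx' is an xlsx file wearing a pdf disguise.
    """
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return "", False
    real_ext = parts[-1]
    disguised = len(parts) > 2 and parts[-2] in DOCUMENT_LIKE
    return real_ext, disguised


def digit_letter_mix(host):
    """Heuristic for lookalike hosts such as g00gle: a label mixing digits
    and letters. Legitimate names can trip this (e.g. 'web3'), so treat a
    hit as a reason to look closer, not as proof of phishing.
    """
    if not host:
        return False
    for label in host.split("."):
        if re.search(r"[a-z]", label) and re.search(r"[0-9]", label):
            return True
    return False


def red_flags(links, attachments):
    """Collect human-readable findings for a message's links and attachments."""
    findings = []
    for text, href in links:
        if link_mismatch(text, href):
            findings.append(f"link text '{text}' points at {host_of(href)}")
        if digit_letter_mix(host_of(href)):
            findings.append(f"possible lookalike domain: {host_of(href)}")
    for name in attachments:
        ext, disguised = effective_extension(name)
        if disguised:
            findings.append(f"attachment '{name}' is really .{ext}")
    return findings


if __name__ == "__main__":
    for finding in red_flags(SAMPLE_LINKS, SAMPLE_ATTACHMENTS):
        print("RED FLAG:", finding)
```

Running the block prints one finding per sample red flag. A link whose text is not a URL yields `None` from `link_mismatch`, which is the case the page's hover-to-inspect advice exists for: the code cannot tell what the reader expects, so it reports nothing rather than guessing.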