Phishing is a type of network security attack that seeks to capture information from a user by encouraging them to give that information to a site that appears to be trusted.
A phishing attack usually, but not always, comes in the form of an e-mail. The e-mail appears to come from your bank, your electric company or some other source you would trust.
The e-mail usually contains a link that would bring you to a website that may even look and feel like a site you trust. The goal is to get you to attempt to log in or give valuable information that will then be used to access your account or worse.
The whole scenario sounds pretty bleak, but there are some simple steps you can take to protect yourself and your identity.
First, there is no substitute for good mail security. A sophisticated e-mail security platform is likely to catch most phishing attacks before they even get to your inbox.
It’s also important to realize that your bank and other institutions are not going to send you an e-mail asking for things they already have, like your Social Security number, PIN and so on.
Finally, four simple questions can help you fish out a phishing attack.
Is the request urgent?
If your bank, the electric company or anyone else with which you conduct business needs information urgently, the chances are that they will call you. Let the sense of urgency in these e-mails throw up a red flag.
Is the e-mail grammatically correct?
Large organizations spend countless hours scrutinizing even the simplest communications, and most phishing attacks come from out of the country. If the e-mail reads oddly, then don’t click the link.
Does the sender's e-mail address look weird?
Often a phishing attack will come from a domain that looks like the trusted source but is slightly different. For example, if you do business with “www.samaritanbank.com”, a phishing e-mail might come from “www.sarnitanbank.com”. Notice how the “rn” looks similar to “m”.
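The look-alike comparison described above can also be done by a mail filter. The following Python code is an added example, not part of the original article: it checks a sender's domain against an assumed allow-list (`TRUSTED`) built from the article's bank domain, and the confusable pairs and the distance threshold are assumptions chosen for illustration.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED, CONFUSABLES and max_distance are assumptions for illustration.
TRUSTED = {"samaritanbank.com"}

# Character sequences that render like another letter (constructed, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def sender_domain(address: str) -> str:
    """Return the lowercased domain of an address, without a leading 'www.'."""
    domain = address.rsplit("@", 1)[-1].strip().strip(">").lower().rstrip(".")
    return domain[4:] if domain.startswith("www.") else domain

def skeleton(domain: str) -> str:
    """Collapse look-alike sequences so 'rn' and 'm' compare as equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(address: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a sender."""
    domain = sender_domain(address)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # Compare both the raw strings and their look-alike skeletons.
        raw = edit_distance(domain, good)
        visual = edit_distance(skeleton(domain), skeleton(good))
        if min(raw, visual) <= max_distance:
            return "lookalike of " + good
    return "unknown"

if __name__ == "__main__":
    # Constructed sample senders using the article's two domains.
    for sender in ("service@samaritanbank.com", "alerts@www.sarnitanbank.com"):
        print(sender, "->", classify(sender))
```

The article's fake domain is three plain edits away from the real one, so a raw string comparison with this threshold would miss it; it is flagged only after “rn” is treated as “m”.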
Does the communication seem ordinary?
Ask yourself if this communication seems normal for the organization sending the e-mail. For example, is the e-mail regarding an account you do not have? Is this the first time you have received an e-mail asking for this type of information?
When in doubt, call the company that sent the e-mail, but don’t use the phone number included in the e-mail. It’s always safer to expect the e-mail to be a phishing attack until you can confirm otherwise.