Phishing

Have you been phished lately?

What Is Phishing?

Phishing is an attempt to gather information from a user by contacting them via email, using the guise of a company they are likely to trust.

We see examples of these on a daily basis, with the emails appearing to be from banks, phone service providers, online payment processors and social networks.

If a user mistakenly believes one of these emails to be genuine (some of them can be pretty convincing!), they may click on the included links or surrender their username, password and other personal details, thinking they are dealing with the legitimate company. Of course, links within these emails often lead to sites infected with malware, and put the user at risk of identity theft should they divulge any personal information.

Unfortunately, phishing scams can also be quite topical in nature, which can make them difficult to recognise. For example, the end of the tax year provides a window of opportunity for cybercriminals looking to take advantage of the fact that people may be expecting an email from the Australian Tax Office at that time of year anyway.

Types of phishing:

Spear phishing: This is when the phishing email is specifically targeted at the user. Rather than pretending to be from a popular site such as eBay or Facebook, the message appears to come from someone known to the user. An example of this would be receiving an email from a close friend or colleague saying they’ve sent you a “private message” or something similar, which links to a site where you are prompted to sign in with your email address.

Clone phishing: This involves a phishing attack where a legitimate, previously delivered email containing an attachment or link is directly copied by a cybercriminal. The cybercriminal effectively replaces the attachment or link with a malicious one and resends the message from a spoofed email address made to look like it came from the original sender.

Whaling: This type is similar to regular phishing attacks, but specifically targets senior executives or other high profile people (the name “whaling” comes from the notion of landing a “big catch”).
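The clone phishing pattern described above can be checked for mechanically. The following is an added example, not part of the original article: it compares a new message against an earlier legitimate one and reports changed link hosts or a changed sender. The sample messages, the `.example` domains, the function names and the 0.9 similarity threshold are constructed assumptions, and only single-part plain-text messages are handled.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample messages (not real mail).
ORIGINAL = """\
From: Accounts <accounts@supplier.example>
Subject: Invoice 1042

Hi, your invoice is ready. View it at https://portal.supplier.example/invoice/1042
and let us know if you have any questions.
"""
# Same text and a spoofed, identical From header; only the link host differs.
CLONE = ORIGINAL.replace("portal.supplier.example", "portal-supplier.example")
UNRELATED = "From: Sam <sam@friend.example>\nSubject: Lunch\n\nUsual place at noon on Friday?\n"


def _parts(raw):
    """Return (sender address, body with links masked, set of link hosts)."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: single-part text message
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hosts = {(urlsplit(u).hostname or "").lower() for u in URL_RE.findall(body)}
    masked = " ".join(URL_RE.sub("<URL>", body).split())
    return sender, masked, hosts


def clone_indicators(original_raw, candidate_raw, threshold=0.9):
    """List signs that candidate is a clone of original with swapped content."""
    o_sender, o_text, o_hosts = _parts(original_raw)
    c_sender, c_text, c_hosts = _parts(candidate_raw)
    # Only messages whose text (links masked) nearly matches are clone candidates.
    if difflib.SequenceMatcher(None, o_text, c_text).ratio() < threshold:
        return []
    findings = []
    new_hosts = sorted(c_hosts - o_hosts)
    if new_hosts:  # primary signal: a spoofed From header can match exactly
        findings.append("link hosts not in original: " + ", ".join(new_hosts))
    if c_sender != o_sender:
        findings.append(f"sender changed: {o_sender} -> {c_sender}")
    return findings


if __name__ == "__main__":
    print(clone_indicators(ORIGINAL, CLONE))
```

Because the From header of a clone can be spoofed to match the original, the link-host comparison is the check that carries the weight here; the sender comparison only catches lookalike addresses.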

Staying safe from phishing:

You can protect yourself from phishing scams by following these tips:

  • Be suspicious of any unsolicited email that asks you to verify or update account information, click on a link or download an attachment – even if it appears to come from a reputable business or organisation.
  • If you do suspect an email to be a phishing scam, delete it immediately and do not click on any links or open any attachments.
  • Any odd requests for information can be verified by independently contacting the business or organisation by phone.
  • Ensure you are running an effective anti-spam solution, such as the one included in AVG Internet Security, and perform updates regularly.