Phishing is a form of fraud in which an attacker impersonates a legitimate entity or person, primarily by sending a fake email, SMS messages (in this case, smishing), or messages on social media. Those who carry out these attacks often use phishing messages to distribute malicious links or attachments that can perform various actions, such as extracting victims' login credentials or other account information.
Phishing is prevalent among cybercriminals because it's much easier to deceive someone into clicking on a malicious link within a fake email than to breach a computer's defenses. When crafting the message, real information obtained from social networks or other sources, such as the recipient's name, email address, or institutions where the person has financial services, is typically used to make the message appear genuine.
Successful phishing messages take time to distinguish from genuine ones. They usually appear to be sent by a known entity and may even include corporate logos. However, several clues can indicate a message is a phishing attempt:
- The message contains misspelled or suspicious URLs that don't match the institution from which the message claims to originate.
- The recipient's email address is a public one rather than a corporate email address.
- The message is written to induce fear or a sense of urgency.
- The message requests verification of personal information, such as financial details or a password. Remember that a legitimate institution will never ask for this information.
- The message is poorly written and contains spelling and grammatical errors.
Considering the above tips, you'll be less likely to become a victim of phishing.