Phishing is a neologism derived from the word "fishing", and the name fits: the attacker casts bait that lures a user into a wrong judgement, into a trap, and into giving away sensitive information and/or access.
The attackers send you an email message that looks like it came from your bank or another important institution. It claims there is an issue with you or your account and asks you to type in your data (usually username and password). Under pressure, you type them in to resolve the issue without thinking, not realising the email is fake.
Example 1
You have an account at Central Bank. The bank’s web address is http://central-bank.com/ . You receive an email message from bankCentral@gmail.com. The message states:
Hello, due to security measures and recent hacker attacks, we ask you to change your password. To change it please follow this link http://bankeCentral.com/ and type in your old and new username and password.
Without checking whether this is the right address (bankeCentral.com is not central-bank.com, and a real bank would not write to you from a gmail.com address either), or whether the site presents a valid certificate for the bank's own domain, you hand your data to the attackers. They change your password instantly and you lose access to your online banking; with that access they then transfer your funds to another account.
Example 2
You receive an email message from your friend. He writes that he wants to share a file with you via a link. You click the link and the website asks you to fill in your account information in the fields below to verify it is you. Because you know this person and do not think he could be hacked, you type in all your profile information and click send. The attackers then take over your email account and resend the same message to everyone in your contact list. It becomes a chain reaction: your friend's address was genuine, but his account had already been taken over the same way, so a familiar sender is no guarantee. And if you have many contacts you will have a hard time reaching them through another channel to warn them not to open your last emails.
Example 3
You receive an email message which claims to be from Facebook but actually comes from facebook123@gmail.com, with the following text:
Your profile has been hacked. Please reply to this email with your username and password to confirm that this email belongs to your profile. You have 12 hours or we will delete your account.
In a rush not to lose your Facebook account, you reply with your login data, and that way you lose control of it. The 12-hour deadline is there to stop you from thinking; a real service never asks for your password by email.
There are many more examples of phishing, and attackers get creative every day. To protect yourself against this kind of attack you need to be very careful about what information you share. Before you send this kind of information:
- Check the sender's actual email address, not just the display name: a bank or social network does not write to you from a free webmail domain such as gmail.com.
- Check where a link really goes before you click it: the domain must be the institution's own domain (central-bank.com, not bankeCentral.com). When in doubt, type the institution's address into the browser yourself instead of following the link.
- Never send a password by email. No legitimate service asks for one.
- Check that the site where you enter your data uses HTTPS (an encrypted connection), but do not stop there: a certificate only proves that the connection is encrypted to whoever owns that domain, and phishing sites obtain valid certificates for their own domains too.
- Do not be fooled by a genuine-looking logo. Images are trivially copied and downloaded.
- Change your passwords regularly, use a different username and password for every site so that one phished password does not unlock your other accounts, and change a password at once if you suspect you have entered it on a fake site.
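The first two checks above (sender domain and link domain against the institution's real domain, plus whether a link is HTTPS at all) can be automated in a mail filter. The following Python script is an added example written for this page, not code from the original article. The two messages in it are constructed, one modelled on Example 1 and one on a legitimate bank notice; the trusted domain central-bank.com, the lookalike names and the "last two labels" domain heuristic are assumptions made for illustration.

```python
import email
import email.policy
import re
from urllib.parse import urlparse

# Constructed sample messages (not real email), modelled on Example 1 above.
PHISHING_EMAIL = """\
From: Central Bank <bankCentral@gmail.com>
To: customer@example.com
Subject: Urgent: change your password
Content-Type: text/plain; charset="utf-8"

Hello, due to security measures and recent hacker attacks, we ask you
to change your password. To change it please follow this link
http://bankeCentral.com/ and type in your old and new username and password.
"""

LEGITIMATE_EMAIL = """\
From: Central Bank <alerts@central-bank.com>
To: customer@example.com
Subject: Your monthly statement is ready
Content-Type: text/plain; charset="utf-8"

Your statement is available after you log in at https://online.central-bank.com/
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host):
    """Return the last two labels of a host name ('online.central-bank.com' -> 'central-bank.com').

    Simplifying assumption for this example: production code should consult the
    Public Suffix List (e.g. the tldextract package), because a name such as
    'bank.co.uk' has three labels. The heuristic still catches the classic trick
    of prefixing the real name: 'central-bank.com.evil.example' reduces to 'evil.example'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_message(raw, trusted_domain):
    """Parse one RFC 5322 message and return a list of human-readable findings.

    An empty list means the sender and every link in the body belong to
    trusted_domain and every link uses HTTPS.
    """
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []

    # 1. Sender check: compare the address domain, never the display name,
    #    because the display name ("Central Bank") is free text chosen by the sender.
    sender = msg["from"].addresses[0]
    sender_dom = registrable_domain(sender.domain)
    if sender_dom != trusted_domain:
        findings.append(f"sender {sender.addr_spec} is at {sender_dom}, not {trusted_domain}")

    # 2. Link checks: every URL in the body must point at the trusted domain and
    #    use HTTPS. HTTPS alone proves nothing about who is at the other end:
    #    a phishing site on its own domain can present a perfectly valid
    #    certificate, so the domain comparison is the check that matters.
    body = msg.get_body(preferencelist=("plain", "html")).get_content()
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        link_dom = registrable_domain(parsed.hostname or "")
        if link_dom != trusted_domain:
            findings.append(f"link {url} goes to {link_dom}, not {trusted_domain}")
        if parsed.scheme != "https":
            findings.append(f"link {url} is plain HTTP (no encryption at all)")
    return findings


if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_EMAIL), ("legitimate", LEGITIMATE_EMAIL)):
        result = check_message(raw, "central-bank.com")
        print(f"{name}: {'OK' if not result else ''}")
        for line in result:
            print("  -", line)
```

Run as a script it reports three findings for the phishing message (gmail.com sender, link to bankecentral.com, plain HTTP link) and none for the legitimate one. The deliberate design choice is that the display name is ignored entirely; only the part after the @ and the host inside each URL are trusted as evidence, because those are the parts an attacker cannot freely choose to look like the bank.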