Phishing is a cybercrime that where a target is sent an email which appears to be real to lure the individual into providing sensitive information such as social security numbers, passwords, credit card information, or bank account numbers. The criminals then use the information to access important accounts which can lead to identity theft.
It is called ‘Phishing’ because the criminals send out the fake email to hundreds of people, and while the institution in the email will not apply to everyone, it will apply to some. Just like fishing, we cast the line out and wait for the fish to take the bait.
For example, say you have two people who both receive a ‘Phishing’ email that appears to be from Huntington Bank. Person 1 may have a Huntington Bank account where Person number 2 does not. Person 1 may think that the email is real and takes the bait and clicks on a link in the email. They are taken to a page that looks like the Huntington Bank website but is really a dummy site waiting to get their login information.
Here are some things to look for with a Phishing scam:
Look For Signs of Phishing and Social Engineering
1. The Message Contains a Mismatched URL or Domain Name
The first thing you can do with a suspicious email message is check the integrity of any embedded links or URLs. Many times the URL in a phishing message will appear to be perfectly valid, but when you hover your mouse over the top of the link, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious. In this email from Wells Fargo, you can can see when the cursor is placed over the link, the actual URL is displayed.
2. The Message Contains Bad Spelling or Grammar
When a large company sends out an the represents the company as a whole, the message is usually checked for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it most likely did not come from a major corporation's legal department.
3. Something just doesn't look right
In Las Vegas, casino security teams are taught to look for anything that JDLR—just doesn't look right, as they call it. The idea is that if something looks off, there's probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.