Phishing Attacks: Are You At Risk?
One of the most common online scams is called phishing. Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by masquerading as a trustworthy entity. Online scammers will pose as legitimate businesses, organizations, or individuals. If they are able to gain the trust of their victims, they can leverage this trust to convince victims to willingly give up information or click on malicious links or attachments. Online scammers can make their communications appear to be those of legitimate businesses or organizations, by spoofing the email address (i.e., email with a forged sender address), creating a fake website with legitimate logos, and even providing phone numbers to an illegitimate customer service center operated by the scammers.
Two common types of phishing attacks:
- Phishing Email - One of the best known forms of phishing is an email scam. An email, purporting to be from a popular company or organization, may ask you to click on a link in order to fix a problem with your account. In other instances, the email message may threaten to close your account if you do not respond. Scammers often use threats that your security has been compromised in order to increase the likelihood that the recipient will respond.
- Spear Phishing - Spear phishing is a personalized email attack in which a specific organization or individual is targeted. These attacks are prepared using information about an individual to make the email appear to be legitimate and induce the recipient to divulge sensitive information or download a malicious file. Such attack preparation is often based on extensive information gathering on the targets and has become one of the favored methods used in cyber espionage.
Phishing scams can be difficult to identify, however being aware of the threat and being vigilant in examining emails can reduce the risk that you will fall prey to such an attack.
- Be cautious about all communications you receive, including those that purport to be from "trusted entities." Be careful when clicking any links contained within those messages. If in doubt, do not click.
- Do not send your personal information via email. Legitimate businesses will not ask users to send sensitive personal information through email.
- Keep an eye out for telltale signs: poor spelling or grammar, the use of threats, or the URL does not match that of the legitimate site.
- Be wary of how much information you post online. The less information you post, the less data you make available to a cybercriminal for use in developing a potential attack or scam.
Phishing Awareness Quiz Resources
Test your knowledge about phishing and learn how to protect your data with these online quizzes.
These links are provided because they have information that may be useful. The NYS Chief Information Security Office (CISO) and the State of New York do not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CISO or the State of New York.