Phishing is the act of a criminal attempting to lure you into a compromising position, often by disguising themselves as someone reputable, where you then willingly share sensitive personal information. The most common form of Phishing occurs over E-mail, such as a message asking you to respond with your current credit card information as your card on file is about to expire, or perhaps luring you to a fake website where you enter the information.
There are a couple things to keep in mind to protect yourself against phishing attacks:
Believe it or not, e-mail is very similar to physical mail in several ways. One such way is that just as you can specify ANY return address on an envelope, so you can also easily disguise who an E-mail is from. Therefore, when dealing with a message that requires validation, further steps should be taken to ensure the message is legitimately from who it claims.
Every e-mail message has hidden information, called the "header", which shows the exact path a message took before it reached you. If you've received a message from a company disclosing information that you may need to act on, it's best to contact the company directly by phone or through its website first. In the meantime, you can determine the validity of the message by looking at the header. Please check with your mail program's help documentation to discover how to view message headers. I received a message from Google, and upon looking at the message header, I can verify that it indeed did come from Google:
The blue outlines the actual server sending the message; this CANNOT be forged, just as you can't forge the postmark on a real mail envelope. The information highlighted in Green - Date, Subject, From - CAN be forged and must be matched up against the area in blue to establish validity.
The following message is an example of a real-life phishing E-mail, where we were supposedly sent an invoice with a link to log in and review this invoice. The message was considered suspicious because we did not recognize the sender. Further examination of the message header confirmed this. The link in the e-mail, if clicked, would have redirected us to a website attempting to infect the computer with a virus.
The area surrounded by Yellow - which is customizable - shows the message is from "montannasskys.net". However, the area that cannot be forged, in Red, clearly shows the message originated from "...jino.ru". .RU signifies the system sending the message resides in Russia; therefore this message was not opened but rather rejected.
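The header check described above (the From: line versus the sending server recorded by your own mail server in the topmost Received: line) can be automated. The script below is an added example and is not part of this article; the messages it inspects are constructed, with placeholder host names and addresses, and the registrable-domain guess is a simplification (mail sent through a third-party provider can legitimately mismatch, so treat a mismatch as a reason to verify, not as proof).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed raw message (headers only) for demonstration; all names are placeholders.
def sample_message(hop_host, from_addr):
    return (
        f"Received: from {hop_host} ({hop_host} [203.0.113.7])\n"
        f"        by mx.ourcompany.example (Postfix) with ESMTP id ABC123\n"
        f"        for <staff@ourcompany.example>; Mon, 01 Jan 2018 10:00:00 +0000\n"
        f'From: "Accounts Payable" <{from_addr}>\n'
        f"Subject: Invoice attached\n"
        f"Date: Mon, 01 Jan 2018 09:59:00 +0000\n\n"
    )

RECEIVED_FROM = re.compile(r"^from\s+(\S+)", re.IGNORECASE)

def registered_domain(host):
    # Crude guess: last two labels (sufficient for names like mail.example.net)
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def from_domain(msg):
    # The customizable "From:" field, the part the article says can be forged
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def sending_hosts(msg):
    # Hosts named in "Received: from X" lines, topmost (most recent hop) first
    hosts = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.match(" ".join(value.split()))
        if m:
            hosts.append(m.group(1).lower())
    return hosts

def check_headers(raw):
    msg = message_from_string(raw)
    claimed = from_domain(msg)
    hosts = sending_hosts(msg)
    # Only the topmost Received: line was written by our own server;
    # every hop below it was supplied by the sender and may be fabricated.
    last_hop = hosts[0] if hosts else ""
    mismatch = bool(last_hop) and registered_domain(last_hop) != registered_domain(claimed)
    return {"from_domain": claimed, "last_hop": last_hop, "mismatch": mismatch}

if __name__ == "__main__":
    print(check_headers(sample_message("mail.example-sender.ru", "invoice@trusted-vendor.net")))
    print(check_headers(sample_message("mx1.trusted-vendor.net", "invoice@trusted-vendor.net")))
```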
E-mail is not a secure method of communication, and should NEVER be used to send personally sensitive information. If information of this nature must be sent, the preferred method is to encrypt it, such as within a password protected PDF.
Electronic "Spam" is any message you receive that is not legitimate. Examples include:
Spam and phishing messages can often be similar, so it's best to treat all spam as potentially dangerous. When dealing with spam:
More than ever, e-mail accounts are being compromised and used maliciously to send messages to other users, often those in the account's address book. If you receive one of these questionable messages from another person, make sure to alert them immediately and share the following information: