What is Phishing?
No, not fishing for fish.
Phishing, which sounds like fishing, is when someone falsely claims to be another person or an organization in order to catch individuals and get information out of them. Phishers try to reel people in to their website (made to look like the original website) to collect their information, or get them to download a file that installs a virus on their computer. Phishing is primarily done using email, so let’s go over how to know when you’ve received a phishing email and what to do.
Why Are Phishing Emails A Thing?
Phishing emails are used to get information from users, with the main goal of getting the user’s username and password so that the phisher can log in as you on different platforms. Another goal of theirs is to install a virus on your computer so that they can get into your computer remotely, see your files, and possibly use your camera.
Let’s check out some examples of phishing emails that the StreetCode Academy staff has actually received. Let’s start off with a simple one that a majority of people may get.
The first thing to notice in this email is the sender, or “From”, email address. In this case, we have firstname.lastname@example.org. Infosecmessage.com does not lead to Starbucks, meaning that Starbucks did not actually send this message. Emails from companies normally use their own website domain.
Another way of checking is to hover over the URLs in the email. In this email, if we hover over the View Online link, you can see the URL it takes you to on the bottom left of the browser. This URL does not take us to Starbucks.
Do you normally not get Starbucks emails? That is another red flag for an email.
Now let’s check out a more normal-looking email that our staff clicked on.
At first glance, this looks like a normal email from someone who wants us to post on Facebook. However, let’s look more closely.
- The email address is from “standford.edu” and not “stanford.edu”.
- If you are from Stanford, you would see that the naming convention of the email address is incorrect.
- Hovering over the Facebook link shows a URL that looks similar to Facebook’s but does not take us to Facebook itself.
- It was also sent “via securityiqmail.net”, which means it wasn’t a student who actually sent the message; it was sent from a mass emailer.
Spear phishing is an attack by a hacker/phisher on a specific individual or a group of individuals who share a common group.
This email was meant specifically for StreetCode Academy, as we have ties to Stanford University and we were named in the email directly.
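The checks walked through above (who the sender's domain really is, where a link really goes, and near-miss spellings such as “standford.edu”) can also be run by a small script. This is an added example, not part of the original article; the TRUSTED list, the sample message and every function name are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"stanford.edu", "facebook.com", "starbucks.com"}  # assumed allow-list
# Constructed sample, modelled on the second email described above.
SAMPLE_FROM = "Student Name <student@standford.edu>"
SAMPLE_HTML = '<p>Share <a href="http://facebook.com.example.test/post">our Facebook post</a></p>'

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(host):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    base = ".".join(host.split(".")[-2:])  # simplification: last two labels only
    for good in sorted(TRUSTED):
        if edit_distance(base, good) <= 2:  # one or two typos away from a real domain
            return f"lookalike of {good}"
    return "unknown"

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def review(from_header, html_body):  # one red-flag string per untrusted host
    parser = LinkCollector()
    parser.feed(html_body)
    checks = [("sender", parseaddr(from_header)[1].rpartition("@")[2])]
    checks += [(f"link '{text}'", urlsplit(href).hostname or "") for text, href in parser.links]
    return [f"{what} -> {host}: {classify(host)}" for what, host in checks if classify(host) != "trusted"]
```

The sample link shows why the whole host name matters: it starts with “facebook.com” but actually belongs to a different domain, which is what hovering over the link reveals.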
I Clicked On A Phishing Link, What Should I Do?
The first thing is to not enter your username and password, and to not download anything from the website.
But let’s say you did enter your password. You should go into your account as soon as possible and change your password. Once you update your password, the old password that the hacker/phisher has no longer works.
However, if you reuse your passwords for multiple websites, then you’ll need to update your passwords everywhere. Make sure that you do use different passwords for each site to limit the damage a hacker can do. But if you have multiple different passwords, how can you manage them all?
Let’s learn about password managers!