Phishing

ICT EXAM PREPARATION

What is phishing?

Phishing is a type of Internet fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details and other confidential information. Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organizations. The notification will try to encourage a customer, for one reason or another, to immediately enter or update their personal data. Such excuses usually relate to loss of data, system breakdown, etc.

How to identify phishing in 5 steps:

1) Company - These are emails sent out to thousands of different email addresses, and often the person sending them has no idea who you are. If you have no connection with the company or the email address that it is supposedly coming from, it's fake. For example, the e-mail claims to come from Wells Fargo bank but you bank at a different bank.

2) Spelling and grammar - Improper spelling and grammar is almost always a giveaway. Look for obvious errors.

3) No mention of account information - If the company really was sending you information regarding errors to your account, they would mention your account or username in the e-mail.

4) Deadlines - The e-mail requests an immediate response or sets a specific deadline. For example, a requirement to log in and change your account information within 24 hours.

5) Links - Although many phishing e-mails are getting better at hiding the true URL you are visiting, often these e-mails will list a URL that is not related to the company's URL. For example, http://fakeaddress.com/ebay is not an eBay URL, just a URL with an ebay section. If you're unfamiliar with how a URL is structured, see the URL definition for additional information.
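The link check from step 5, as an added example that is not part of the original page: it separates the host a link really visits from the rest of the URL and reports when the company's name appears only outside its own domain. The function names and every sample link other than http://fakeaddress.com/ebay are constructed for illustration, and ebay.com is assumed to be the company's real domain.

```python
from urllib.parse import urlsplit


def split_link(url):
    """Return (host, rest): the site actually visited and the path/query."""
    if "://" not in url:          # tolerate links written without a scheme
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    rest = (parts.path + "?" + parts.query).lower()
    return host, rest


def belongs_to(host, company_domain):
    """True only for the company's domain itself or a subdomain of it."""
    company_domain = company_domain.lower()
    # The leading dot matters: "notebay.example" must not match "ebay.com",
    # and a host that merely ends in the brand's letters is not a subdomain.
    return host == company_domain or host.endswith("." + company_domain)


def classify_link(url, brand, company_domain):
    """Classify a link found in an e-mail that claims to come from `brand`."""
    host, rest = split_link(url)
    if belongs_to(host, company_domain):
        return "company domain"
    if brand.lower() in host or brand.lower() in rest:
        # The brand name is present, but not as the domain being visited.
        return "brand name only"
    return "unrelated domain"


if __name__ == "__main__":
    # Constructed sample links; the first is the page's own example.
    samples = [
        "http://fakeaddress.com/ebay",
        "https://signin.ebay.com/ws",
        "http://notebay.example/login",
        "http://fakeaddress.com/login",
    ]
    for link in samples:
        print(f"{classify_link(link, 'eBay', 'ebay.com'):17} {link}")
```

A result of "brand name only" is the case step 5 describes: the e-mail shows the company's name, but the domain you would visit belongs to someone else.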