DING! You’ve Got Mail!
This is an all too common occurrence these days. Phishing is a Social Engineering attack that tricks the user into giving the attacker all the information that they want by masquerading as legitimate electronic communication. The term ‘Phishing’ was coined by hackers in the late ’80s and really started to impact the online world in the mid ’90s. These attacks primarily targeted AOL users in attempts to gain their username and password and, with that, access to their credit card information, but the intent has become much more malicious since then.
Tracking the actual damages caused by Phishing is difficult because of the nature of the attacks. The end user is giving actual information to the attacker, so some financial institutions refused to cover the losses for fear of being scammed themselves. A report released in 2007 estimated the loss at $3.2 billion annually, but recent investigations have shown that number to be inflated. A conservative estimate of between one and two billion dollars of loss per year is more widely accepted.
Phishing is so effective because it targets the user.
You can have all the virus and spyware protection in the world, but if you get phished, you are giving your information up voluntarily. As with all Social Engineering attacks, the best defense against Phishing is to be aware of what you are doing on the computer. You can easily take steps to avoid getting phished by making small changes to your browsing habits. If you suspect any attempt at phishing, contact the company that appears to have sent you the email to ensure that it is valid, or type the company’s website into your browser instead of following any hyperlinks from suspected emails. Education and awareness are not the only security tools available to help control phishing. In the past few years, many steps have been taken to make browsers better able to intercept phishing attempts. Secure connections and phishing site lists are just some of the ways your computer tries to help protect you.
Phishing is nothing more than a manipulation tactic. These tactics are more powerful and more successful than all but the most sophisticated Malware at getting valid personal information out of the user. Responsibility ultimately lies with the user to understand that there are people out there trying to take advantage of them and to make sure they are not giving up access to their personal information.