Phishing is everywhere, and it is more than likely that you have personally encountered it. You are not alone: millions of phishing emails and texts land in internet users' inboxes every day. This is a problem that has plagued internet users since the beginning of electronic mail and does not appear to be going away anytime soon. The number of phishing attempts continues to grow each year and phishers keep expanding their tactics.

Definition of Phishing

To put it in simple terms, phishing is the use of email or text to steal passwords or financial information. Compared to most types of online attacks, phishing is not technically advanced at all. Phishing relies on violating human trust to steal information by having the victim willingly hand it over to the attacker.

In a typical phishing attempt, an attacker sends out a message that appears to come from a company you know and trust. Phishing often starts with an email that asks you to follow a link and log into your account. The email will urge you to update your account information to ensure you maintain access to your account. Then, the link will take you to a login page that looks identical to the login page of the real company. However, this is a fake page that the attacker has set up to steal your password. In a few seconds and a couple of clicks, you have handed over access to your account.

Phishing Email Example

Here is an example of a common phishing email targeting a PayPal account.

PayPal Phishing Email

If we look at this email closely, we can see that this is a classic example of a phishing attempt. The email urges the user to click on the link that is supposed to take them to a login page. The email says the user needs to log in to secure their account because of suspicious activity. The URL from the email takes the user to a webpage that looks identical to the official PayPal login page.

PayPal Phishing Webpage

The fake webpage resembles PayPal’s login page, but the URL from the email does not match PayPal’s official website. An unsuspecting user might log in on the fake page, effectively handing over their password and account. Now the phishers have stolen the user’s password and have total control over their account. Next, let’s look at the potential aftermath of the attack.

Effects of Phishing

Successful phishing attacks can have a lot of negative consequences. An attack can result in the loss of access to your account and any associated data. Phishers can use your stolen password to log into other accounts that use the same password. In this way, one attack can compromise all of your accounts that use the same password.

Some phishing attacks can have financial consequences. If a credit card is attached to an account, phishers can steal money or make charges to your card without your knowledge. In a business setting, a compromised account can waste company time and resources. Any data associated with the account is lost and a business could be held liable if the information is sensitive. This can result in costly legal action.

Phishing is not only annoying, but it’s expensive. Phishing can affect both individuals and organizations. Attacks cost you both your time and money.

Why Does Phishing Work

Phishing works because it’s easy. Phishing is the most popular form of internet hacking: over 90% of all hacks start with phishing. Its ease and simplicity have made it effective and thus quite popular. Phishing takes advantage of the weakest point in a strong defense: humans. In any security system, humans are the greatest vulnerability. We are easily tricked, persuaded, or distracted. Theft, deceit, and fraud existed long before the internet took form. It is no surprise that criminals exploit the same natural flaws in humans while using the internet.

Most often, humans have other duties and are not on their highest alert for infiltrators. When focused, humans are good at spotting phishing emails, but when distracted by work or trying to respond to the rest of their inbox, they fall prey to phishing scams.

Hundreds of emails flood users' inboxes every day. A busy user is focused on replying to clients and co-workers, communicating with friends, or managing their services. In the middle of this sea of emails could lie a simple, yet dangerous fake email. Phishing persists because humans will always be distracted and vulnerable to password theft.

Phishing isn’t going away anytime soon. Phishing continues to grow into other areas of our digital lives. We are seeing a trend of phishing expanding to target users on their phones through smishing and spam texts. Digital tools help prevent some attacks, but the burden will always fall on the user to realize they have encountered an illegitimate email or text.

How to Prevent Phishing

Education is the key to defeating phishing. Software tools are great for providing a first line of defense against phishing. However, attackers are just really good at phishing. One way or another, a phishing attempt will get through the best perimeter. The last line of defense will always be the user. Knowing how to spot a phishing attempt is vital to preventing the attack.

There are several easy ways to spot attacks and avoid becoming a victim.

The best way you can prevent an attack is by not clicking on links. Phishers send links that take users to realistic webpages designed to steal passwords. To ensure that you never go to the wrong website and hand over your password, never click on links in emails or text messages from unknown senders.

As a rule of thumb, just ignore the message and move on. If there really is something wrong with your account, the company will reach out again. You can always go to your account directly to make sure nothing is wrong.

If you still want to access the company’s website to check your account, the safest method is to open up a web browser and navigate to their website directly. This prevents being tricked by a fake website in an email link and makes certain that you are on the correct website.
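The mismatch described in the PayPal example, where the link's address is not PayPal's official website, can also be checked mechanically, for instance by an IT team triaging a forwarded message. The Python code below is an added example, not part of the original article; the function names, the sample message and its `.example` host are constructed for illustration, and `paypal.com` is assumed to be the trusted domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # assumption: the domain the message claims to come from

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

def link_findings(url, trusted=TRUSTED):
    """Return the reasons a link cannot be trusted as `trusted` (empty list = none)."""
    parts = urlsplit(url)
    # .hostname is what the browser connects to: lowercased, userinfo and port removed
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None:
        findings.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label, may render as lookalike characters")
    if not belongs_to(host, trusted):
        findings.append(f"host '{host}' is not {trusted}")
    return findings

class HrefCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def scan_email(html, trusted=TRUSTED):
    """Map each link in the message to its list of findings."""
    collector = HrefCollector()
    collector.feed(html)
    return {href: link_findings(href, trusted) for href in collector.hrefs}

# Constructed sample message; the .example host is a reserved placeholder name.
SAMPLE = """<p>Suspicious activity on your account.
<a href="http://paypal.com.secure-login.example/signin">Log in to PayPal</a>
or go to <a href="https://www.paypal.com/signin">www.paypal.com</a>.</p>"""

if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE).items():
        print(href, "->", findings or "host matches " + TRUSTED)
```

An empty findings list means only that the host matches the trusted domain; it says nothing about whether the message itself is legitimate.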

Ask for Help

Defeating phishing takes a community. Asking for help when you’re not sure if an email is real or fake is a good practice. Others can provide assistance for spotting a deceptive email. There are countless resources available on the internet to help you. If you think you are being phished at work, the safest bet is to forward the email to your IT department.

It is always better to be safe than sorry when it comes to phishing. Having a good understanding of what phishing is helps you understand how you can protect yourself from this attack. Phishing seems really simple, and that’s because, at its core, it is. This is what makes phishing so effective. By learning about phishing you can empower yourself to stay safe from password or credit card theft.