
Email phishing

What is phishing?

According to a report by FireEye, one in every 101 emails is malicious. Phishing is a type of cyberattack that uses email to trick recipients into believing the message is genuine, and encourages them to either download a malicious attachment or to share valuable personal information, such as financial information, social security numbers, or login credentials.

How a phishing attack works

  • The attacker clones the login page of a trusted website so that it looks identical to the original, and hosts it on a domain they control (often a lookalike of the real one).
  • The attacker then lures the victim to this fake login page with a scam email. Once there, the victim is prompted to enter their login credentials.
  • When the victim submits the form, a server-side script (commonly PHP) on the attacker's host captures the credentials and then redirects the victim to the genuine website, so the login appears to have simply failed or succeeded normally.
  • The same script forwards the stolen credentials to the attacker, typically by email or by writing them to a file on the attacker's server.
  • The attacker uses the stolen credentials to log in to the victim's account.

Top five types of phishing scams:

Spear phishing

Spear phishing targets specific individuals within an organization. This approach requires thorough research of the victims. Often, attackers will target victims whose personal information is available on the internet. By accessing victims' social networking profiles, attackers can track down targets' email addresses, job titles, and where they work. Using these details, attackers can send a convincing but fraudulent message to their targets.

Pharming

Pharming occurs when hackers redirect users to a fake site that's almost identical to a legitimate site. Unlike a plain phishing link, the redirection happens at the name-resolution layer (for example, a poisoned DNS cache or a modified hosts file), so the victim can type the correct address and still land on the fake site. After the user reaches the fake site, criminals prompt them to provide sensitive information, such as passwords, social security numbers, and account numbers.

Lottery scams

In this type of attack, users receive an email stating that they won a lottery or sweepstake. Then users are prompted to provide bank account details along with personal details to prove their identity. Hackers use these details to steal money from the victim's bank account.

CEO fraud

During this scam, an attacker pretends to be the CEO of a company and sends an email requesting that the victim provide personal or bank details, or make an urgent payment. Since the email appears to come from the CEO, employees are quick to comply with the demands and often don't realize their mistake until it's too late.

Advance-fee scam

A common example of this scam is the "Nigerian prince" email, in which the sender asks for help moving a large sum of money out of Nigeria. The scammer promises to pay the victim a share once the deed is done. The scam requires the victim to send their bank details and a processing fee in advance; the promised payment never arrives.

Tips to avoid email phishing attacks

To protect yourself from falling victim to a phishing scam, it's important to be cautious with your personal and financial information. Here are some pointers to avoid falling for a scam:

  • Watch out for emails that convey a sense of urgency and ask you to take immediate action, like giving away financial information.
  • Avoid unsolicited emails that prompt you to click on URLs—even those that appear legitimate.
  • Be wary of emails that say you've won a contest you haven't entered.
  • Don't open emails from senders you aren't familiar with.
  • Never download an attachment from an unknown sender, as it could be malware.
  • Type the web address directly into your browser rather than clicking on links given in an email.
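The warning signs above, and the lure mechanics described under "How a phishing attack works" (a link whose visible text names the real site while its target is a lookalike domain), can be checked mechanically. The following script is an added example, not code from the original article or from Zoho: it parses a raw email with Python's standard library and reports a sender-domain mismatch between From and Return-Path, urgency language, and links whose displayed host differs from the host they actually point to. Both sample messages, their addresses, domains and URLs are constructed for this example, and the registrable-domain helper is a deliberate "last two labels" approximation (a real tool would use a public-suffix list).

```python
"""Added example (not part of the original article): triage a raw email for
the phishing warning signs described in the text. Sample messages below are
constructed; every address, domain and URL in them is made up."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "verify your account" lure. The visible link text
# names the real site, but the href points at a lookalike domain.
SAMPLE_EMAIL = """\
Return-Path: <bounce@mail-example-alerts.xyz>
From: Example Bank Security <security@examplebank.com>
To: victim@example.org
Subject: URGENT: your account will be suspended in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activity. Verify immediately to avoid suspension:</p>
<p><a href="http://examplebank.com.login-verify.xyz/session">https://www.examplebank.com/login</a></p>
</body></html>
"""

# Constructed sample of a legitimate notification for comparison.
BENIGN_EMAIL = """\
Return-Path: <noreply@examplebank.com>
From: Example Bank <noreply@examplebank.com>
To: victim@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is available at
<a href="https://www.examplebank.com/statements">https://www.examplebank.com/statements</a>.</p></body></html>
"""

URGENCY_WORDS = {"urgent", "immediately", "suspended", "24 hours", "verify now", "act now"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.
    Assumption for this example: no public-suffix list is available offline,
    so 'login.example.co.uk' would wrongly reduce to 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text):
    """Return the hostname of a URL or URL-looking string, or '' if there is none."""
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname or ""


def triage(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Envelope sender (Return-Path) should belong to the same domain as From.
    from_domain = parseaddr(msg["From"] or "")[1].split("@")[-1].lower()
    ret_domain = parseaddr(msg.get("Return-Path", ""))[1].split("@")[-1].lower()
    if ret_domain and registrable_domain(ret_domain) != registrable_domain(from_domain):
        findings.append(f"sender mismatch: From={from_domain} Return-Path={ret_domain}")

    # 2. Urgency language in subject or body (the "act now" pressure the text warns about).
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = ((msg["Subject"] or "") + " " + text).lower()
    hits = sorted(w for w in URGENCY_WORDS if w in lowered)
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # 3. Links whose visible text names one host but whose href goes elsewhere.
    parser = LinkExtractor()
    parser.feed(text)
    for href, visible in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue  # skip mailto:, relative and javascript: hrefs in this example
        href_host, shown_host = host_of(href), host_of(visible)
        if shown_host and registrable_domain(shown_host) != registrable_domain(href_host):
            findings.append(f"deceptive link: shows {shown_host} but goes to {href_host}")
        elif registrable_domain(href_host) != registrable_domain(from_domain):
            findings.append(f"link to foreign domain: {href_host}")
    return findings


if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, "->", triage(raw) or ["no findings"])
```

Feed `triage()` the raw text of a message saved from a mail client (headers included) to see which of the three checks fire; the benign sample produces no findings, while the lure trips all three. The deceptive-link check is the one most worth keeping: it is exactly the case the "type the address yourself rather than clicking" tip defends against.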

2022 Zoho Corporation Pvt. Ltd. All rights reserved.