You have probably heard the term ‘phishing’ a lot, but what exactly is it? Phishing is the act of sending an email under false pretenses, claiming to be an established legitimate enterprise to attempt at scamming the user into divulging private information that will be used for identity theft.
Typically, phishing emails will direct the user to a website where they are asked to update personal details such as passwords and social security, bank account or credit card numbers, that is already with a legitimate organization. However, the website is a bogus one and will capture and steal any information entered on the page by the user.
Common Types of Phishing
Phishing scams vary widely in terms of the quality of the forgery, the complexity as well as the objective of the attacker. There has been an emergence of several distinct types of phishing:
- Spear Phishing – Phishing attacks that are directed at specific organizations, individuals or roles are also known as “spear phishing”. Due to the fact that these sorts of attacks are very pointed, it is likely that attackers will go to marvelous lengths to collect specific institutional or personal information so that the attack is more believable and increase the chances of its success.
The best defense against attacks such as spear phishing is to ensure that you carefully and securely discard information that phishers could use in such an attack, i.e. with the use of a crosscut shredder. Furthermore, you should be aware of data that may be relatively easy to obtain, e.g. your title at work, where you bank or your favorite places, and think before you act on seemingly random requests via phone or email.
- Whaling – “Whaling” is a term that is used to define phishing attacks or spear phishing, which are mainly directed in specific at managers, CEOs, and other such high profile targets in a public agency, business, or other organization.
How Common is Phishing Today?
According to a 2014 global study released by the Anti-Phishing Working Group (APWG), it is suggested that 54% of phishing emails targeted major brands including PayPal, Apple, and Chinese marketplace Taobao.
This indicates that the people behind phishing scams update their approaches and look out for new victims in segments of niche industries. While there were millions of phishing URLs reported in 2014, there was a minimum of 123,972 unique phishing attacks all over the world in the second half of that year.
Why are Scammers Successful with Phishing?
Phishing emails are blindly sent to recipients by the thousands, if not millions. When large groups of people are scammed, the “phisher” counts on the likelihood that the email will be read by a percentage of people who have an actual account with the legitimate company who are being spoofed in the email and corresponding webpage.
Also referred to as carding and brand spoofing, Phishing is a variation on “fishing,” with the idea that the bait is thrown out with the hopes that although a large percentage of people will ignore the bait, there will be some that are tempted into biting.
What do Phishing Emails Look Like?
There are many ways to identify a phishing email:
- Spelling and Bad Grammar – One of the first things you will notice in a phishing email is the incorrect spelling and bad grammar. Cybercriminals are not known for these things (they are immoral as well but that is another topic). Legitimate professional companies or organizations will typically have a staff of copy editors that will make sure that a mass email with heavy grammatical and spelling mistakes are not sent to its users. If you notice a lot of errors in an email, chances are that it is a scam.
- Links in an email – If you see a link in a suspicious email, make sure that you do not click on it. Rest your mouse, without clicking, to check if the address and the link in the message match. If it does not, it is a definite sign that it is a scam.
- Spoofing popular companies or websites – Scam artists use graphics that look like they are connected to legitimate companies or websites, but when you click on them, they actually take you to pop-up windows or phony scam sites.
How does AVG Protect against Phishing?
There is good news for everyone – every solution in AVG’s product portfolio has the ability to detect and protect against phishing. When it comes to a prolific defense, the next step is to educate business clients. AVG has a LinkScanner which is a security feature available in every AG Business product, including AVG AntiVirus, AVG CloudCare, Internet Security Business Editions, and AVG Managed Workplace.
In order to protect against phishing, this innovative feature checks website pages in real time before they can be opened on browsers and display alerts immediately to help in eliminating click-throughs to web pages that are compromised.
The cutting-edge technology that powers this feature takes a multi-layered approach to identify and stop phishing emails.
- First, the web is continuously scanned in order to identify “phishy” mailers or websites that link to these emails.
- Next, the websites are analyzed and compared with legitimate websites. In this process, unique characteristics in the way web pages are coded so that it can be identified if it is a phishing site. The process is like taking the phishing website’s “fingerprint.”
- Then, those “fingerprints” are added automatically to the virus database of the AVG software so that the phishing website and other sites that use similar or the same code can be identified.
- AVG monitors any web links that you click and then prevents phishing pages from loading. You then receive a displayed message that alerts you to the danger.
It is critical to protect yourself against phishing scams, and having AVG in your system is one of the best ways to do this. With its effective anti-phishing technology, you can make sure that you do not fall victim to these scams, which in many cases, can have a devastating impact on your life. Get AVG software and grab the ultimate security.