Fishing, of course, is the sport of tossing a baited hook into the water and then patiently waiting for a fish to bite.
Phishing is similar. The cybercrook sends out spam email and waits for a victim to take the bait. A phisher can send thousands of phishing emails a day, and eventually some people will get hooked.
Phishing is a multibillion-dollar business. Unlike the ongoing depletion of the ocean’s fisheries, there are still plenty of people out there to phish. Today, many victims in developing nations like India and China have only recently gotten broadband Internet access, and are considered fresh meat by the bad guys.
Phishers follow an editorial calendar similar to that of newspaper and magazine editors, coordinating their attacks around holidays and the change in seasons. They capitalize on significant events and natural disasters, such as Hurricane Katrina, the Japanese Tsunami and the swine flu. On their radar right now is the 2012 Olympics.
Francois Paget, Senior Threat Researcher at McAfee, discovered numerous emails combining scam lotteries and the Olympics. Like chocolate and peanut butter, these two topics go great together.
“These mails inform the recipients that they have won a substantial amount of money. After contacting the lottery manager, the victims of these rip-offs will be asked to pay “processing fees” or “transfer charges” so that the winnings can be distributed. In some cases, the organizers ask for a copy of the winner’s passport, national ID, or driver’s license. With that personal information compromised, future identity theft activities are guaranteed.”
Awareness is the best way to avoid being scammed. Knowing what the bad guys are doing to hook their victims and learning how not to get caught is your best protection. Here’s a video that explains what phishing is and how to detect if an email is phishing. You should also be aware of phishing when reading emails on your mobile phone. For more information about mobile phishing, read this.
- Invest in security software that includes antivirus, anti-spyware, anti-phishing and a firewall.
- Never click links in the body of an email unless you are 100% sure it’s legit.
- Don’t go snooping around your spam folders opening emails that look suspect.
- When in doubt, delete. Like mom said, if it’s too good to be true, it is.