FAQ: The New Phace of Phishing

Phishing scams are becoming ever more sophisticated. Once crude-looking and poorly written, they are now often so smooth and well targeted that even experts have to look twice. Research shows 70% of computer users are fooled at least some of the time.

We thought it an opportune time to answer some frequently asked questions about the evolution of phishing.

Q: What are phishers doing to fool skeptical consumers?
A: One recent development is the use of genuine-looking (but bogus, of course) security certificates that trick victims into thinking the Web page they’ve been linked to is legit. Many people look for a Secure Sockets Layer (SSL) certificate as evidence that a site is on the up-and-up, but phishers have concocted SSL “certificates” that can fool most people.

Q: I have friends who fell for phishing scams because the e-mail they received actually had part of their credit-card number. How is this possible?
A: That’s another new phishing trick that is diabolically clever. Banks issue thousands of credit cards with the same first four digits. Phishers know that if they shotgun out enough e-mails, some recipients will recognize these digits and be tricked.

Q: What is “spear phishing,” and why is it effective?
A: Spear phishing is essentially a phishing attack aimed at a very small group of people. It is more effective than large-scale phishing simply because it’s unexpected. For example, Bank of America customers are cynical because they’ve seen so many phishing e-mails – but customers of XYZ Local Credit Union may be easier to fool.

Indeed, spear phishing can actually be targeted at employees of a single company. Hackers sometimes send e-mails claiming to be help-desk employees, in an effort to learn recipients’ computer logons.

© National Security Institute, Inc.