What is Phishing?

Andrew Serene - President, IT Director

by Andrew Serene
December 2018

Phishing is a social engineering tactic in which a malicious actor uses online communication (email, text, or instant messaging) to deceive you into giving out sensitive information, banking information, or the passwords used to access it. Typically, the messages pretend to come from well-known and trustworthy websites or high-ranking authority figures.

Examples of Phishing
  1. This email is specifically targeted at an employee and asks for information on electronic wire transfers. On closer inspection, you can see that the email is sent from ev.achen@yahoo.com instead of an official email address of your organization. You should confirm the request with the sender via another means of communication (not email).
    [Image: phishing email example]
  2. This email claims to be a system message warning you of suspicious activity on your account. It is carefully crafted to look like a valid message and even includes a fake banner that says the message is from a trusted source (circled). However, two things in this message are immediate tip-offs that it isn't valid (highlighted in yellow).
    1. The "From" email address is clearly not a real company address.
    2. The address that the "Reconfirm Password" link points to does not go to a company server.
    If ever in doubt, confirm with your IT Support group (540-773-3570 option 1).
    [Image: phishing email example verification]
  3. This email contains an attachment that claims to include updated settings for Microsoft Outlook. However, the attachment is actually malware designed to compromise your computer and steal your passwords. You should confirm the request directly with your IT Support (540-773-3570 option 1).
    [Image: phishing email example attachment fraud]
  4. Sometimes malicious actors will take additional steps to trick you into slipping up. For instance, they may send an email similar to those above and wait. If you do not respond within a couple of days, they may call you pretending to be part of the IT department and reference the earlier email to encourage you to open it and unknowingly install malware on your computer. When in doubt, please tell the caller you will call them back and dial your IT Support group.
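
For IT staff, the manual checks from examples 1 to 3 (sender address, link destination, unexpected attachment) can be run automatically over a saved message. This is an added example, not part of the original article; the trusted domain `example.com`, the sample message, and the function names are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains your organization really sends mail and serves links from.
TRUSTED_DOMAINS = {"example.com"}

# Constructed sample message (reserved example domains only).
SAMPLE = """\
From: "Account Security" <alerts@example.net>
To: user@example.com
Subject: Suspicious activity on your account
Content-Type: text/html; charset="utf-8"

<p>This message is from a trusted source.</p>
<a href="https://login.example.org/reset">Reconfirm Password</a>
<a href="https://portal.example.com/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link, not its visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted(host):
    # Exact match or true subdomain; "example.com.evil.test" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_indicators(raw_message):
    msg = message_from_string(raw_message)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"sender domain not trusted: {sender_domain or '(none)'}")
    for part in msg.walk():
        if part.get_filename():
            findings.append(f"attachment to confirm with sender: {part.get_filename()}")
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            collector = LinkCollector()
            collector.feed(html)
            for url in map(urlparse, collector.hrefs):
                if url.scheme in ("http", "https") and not is_trusted(url.hostname):
                    findings.append(f"link leaves trusted domains: {url.hostname}")
    return findings
```

An empty result does not mean a message is safe; it only means none of these three indicators fired.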

You can read more on how to recognize email scams at https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf.

This material is provided by The Scylla Group, Inc. for use by our clients and customers of Trend Micro Antivirus and Security products. Some content was supplied from Trend Micro-provided Phishing Awareness Training via a corporate partnership.
