“Phishing” is a form of Internet scam that has become much more common in the past few years. A phishing attempt will usually come in the form of an email that tries to fool you into believing it’s a message from an authentic company and that it needs you to enter your personal information to validate your account. Everything about the email may appear real, but it’s actually an elaborate scam designed to steal your data.
If you click on any of the links inside the email, you can inadvertently provide hackers with access to your password. If opened, the URL may also take you to a malicious webpage that imitates the real webpage of an email service provider, such as Google or Microsoft. Once you enter your account information on that webpage, you’re automatically redirected to the vendor’s official website. But in between the phony page and the real one, the hackers can lay their hands on your credentials and leverage them to compromise your account.
Lots of people fall for phishing scams: if you’re distracted or at work, a quick glance might make you think this is a legitimate message. And because the same email can be sent to a number of recipients, hackers can hit a lot of individuals at once, and even a few clicks in thousands could net them a good return.
Of course, the conventional advice still holds. Always check the URL of the links inside an email by hovering your mouse over them, and never respond to emails asking for account credentials until you double-check their validity (call the sender/firm on a number you’re familiar with). But even if you’re following time-tested advice, some added protection doesn’t hurt.
An efficient way to identify a malicious email is setting up an extra notification to (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/MLi201M_pXg/