Phishing techniques: Asking for sensitive information via email

Introduction

Email has been a critical part of our everyday communications since the 1990s. Thanks to its affordability and ease of use, email allows users to conduct business deals, stay in touch with their family and friends, and receive promotional materials from their favorite brands. However, the use of this messaging medium isn’t risk-free.

Phishers often use email while attempting to gain access to sensitive information. They’ll use fraudulent but legitimate-looking messages to convince users into supplying their email addresses, passwords, social security numbers, credit card information and more. The sensitive information can then be used to:

  • Scam people in an email user’s business and personal network
  • Purchase expensive resalable products and services with the individual’s credit card
  • Misuse a victim’s identity by accessing their social networking profile

The truth is that no email user is safe from phishing attempts. The moving parts of email leave open windows for phishers to exploit, no matter how good your efforts to protect your information are.

Let’s take a look at email phishing in a bit more detail. We’ll look at what makes email people for it, what steps a phishing victim should take and some red flags associated with this type of phishing.

How do hackers collect sensitive information via email phishing?

It works like this: an attacker will send out thousands of fraudulent emails with the aim of collecting sensitive information. The emails often overwhelm the recipients by creating a sense of urgency or, ironically, loss of security. For instance, an email could threaten to freeze a recipient’s bank account if they do not re-supply their Social Security number. Pressurizing recipients causes them to be less diligent.

The sender could pretend to be someone from your bank or a site where you store your sensitive data, such as Dropbox. The phisher (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Z122icOHzsc/