Phishing and Phaking

Email and website phishing has become much more convincing as of late. As you can see here, one of my clients actually received an award via an email that had their name on the image of the award, which was part of the email message! This article will contain examples of phishing messages. It is important to understand when websites and email addresses are real and when they are fake. All of these phishing attempts try to exploit the most dangerous security vulnerability in the IT world: the user.

Email and website phishing rely on a technique more commonly known as “social engineering”.

According to Social-Engineer.org, social engineering can be defined as:

“the act of manipulating a person to accomplish goals that may or may not be in the target’s best interest. This may include obtaining information, gaining access, or getting the target to take certain action.”

Most commonly, this technique is used to acquire username and password information for heavily used social media websites (Facebook, Twitter, etc.) or banking/financial websites (PayPal, eBay, Bank of America). Oftentimes, phishing emails will threaten the user with legal action should they not respond to the messages. Government agencies will never use email to discuss legal issues.

Here are several phishing emails that I have received over the years:

OpenDNS (our DNS provider of choice) has recently posted this quick little quiz to see if you can spot the fake websites from the real ones. Yes, it is kind of fun, but it is also a great learning tool to help you tell the sites that are real from those that are not.