
Phishing 101: How Scammers Obtain Sensitive Information

April 20, 2018

Con artists use old tricks and new technologies to breach data, steal identities

If you are reading this blog, you’ve probably experienced multiple phishing attempts, whether or not you were aware of them. Phishing is a type of online scam in which swindlers attempt to steal data. It is one of the most common forms of fraud in modern society, thanks to the ubiquity of the Internet. Broadly speaking, phishing refers to attempts to trick people into handing over sensitive and private information under the guise of a legitimate request from a well-known source. This may take the form of a spoofed (fake) login screen, or an email that appears to come from a high-ranking person at your workplace, a reputable charity, or a financial institution.

“The term ‘phishing’ is a variation of ‘fishing’ in the sense that attackers ‘bait’ the user to click something or provide information. Since it’s considered a digital attack, the ‘f’ was changed to ‘ph’ just like ‘phreaking’ for hacking phones. The first phishing technique was reported to be in 1987 and the first use of the term ‘phishing’ was in 1995.”

Malwarebytes Labs.

The information sought in phishing attacks typically includes credit card information, login credentials, Social Security numbers, financial information, and even health information.

Sometimes, these attempts are incredibly sophisticated, for example a website that mirrors the real page almost identically, or an email alert that seems legitimate. Phishers love the phrase “We suspect an unauthorized transaction on your account.” Just last week, a spoofed Wells Fargo page was up.

Other times, the attempts are transparently fake, like an email from a Gmail account written in broken English, purportedly from a C-suite executive requesting employee information. Still, some unsuspecting people will fall for scams like this, causing data breaches and untold harm to many people with a single click.

You can see other recent examples of phishing on Phishing Alert, a Twitter account dedicated to posting phishing campaigns.

Once someone’s private information has been successfully phished, it’s like opening Pandora’s box—there’s no going back. That information is out there, raising the risk of identity theft, financial losses, and other fraud for years to come.

Stay tuned for the next post in this series covering basic information about preventative and reactive security measures you can take on your own. You can learn more about CaseyGerry’s related data breach and privacy violation lawsuits and investigations here.

 

By: Alyssa Williams