Why is there acid in my fish?
Hackers are getting more and more sophisticated, and last week’s event showcases this. While we should not panic and abandon email altogether, it is worth taking a few precautions and being careful when opening emails.
Trust but verify
Even when the email comes from somebody you know and trust, ask yourself: does this email look legit? Does the context make sense? For example, be suspicious when the email says “Follow up” but doesn’t indicate what it is following up on and is sent to a large group.
Similarly, if the format of the email (layout, color scheme, images) looks slightly off, or if there are many spelling mistakes, this should give you reason to pause.
Links to external content are a big red flag, especially when those pages ask you for sensitive information such as username and password, credit card information, etc.
There are steps you can take to make it less likely you’ll become a victim:
- Make sure your machine is running an up-to-date version of a virus scanner from a respected company.
- Use two-factor authentication where possible. Outlook/Hotmail, Gmail and many other accounts support this for free. This way, even if your password is compromised, hackers would need to get hold of a second token each time they access the account.
- Use complex passwords that are unique to each service. Use a password manager (one that has undergone thorough security reviews) to store passwords that are hard to remember.
The FTC has a webpage with more information on how to avoid being phished (yes, I understand the irony of linking to an external webpage while talking about phishing; use your best judgement and don’t enter any personal information on that page).
To answer the question in the title of this post: Phishing uses email and websites as lures to get people to bite and hand over sensitive information. That addresses the “fishing” part of the name. The “Ph” part comes from the 1960s, when hackers would freak with the phone system by tricking it into thinking they had paid for their long-distance calls by replaying special beeps; these hackers were called Phreakers (combining phone and freak).