The theme for Week 2 of Cybersecurity Awareness Month is “Phight the Phish!” Arguably one of the most insidious forms of cybercrime, phishing relies on tricking a recipient via social engineering into handing over personal information—and sometimes installing malware in the process. It’s estimated that 1.4 million websites are created each month to lure users into supplying their passwords, credit card numbers, and other valuable information in response to an email purporting to be from a trusted institution or known person.
The first known instances of phishing occurred in the mid-1990s, when troublemakers led by an America Online user known as “Da Chronic” used a Visual Basic program called “AOHell” to wreak havoc online. Among other nefarious activities, AOHell users tricked other AOL users into sharing sensitive information. AOHell users coined the term “phishing” to describe their exploits, which were analogous to fishing—throwing out a hook and hoping for a bite. The “ph” was a nod to phone phreaking, a form of telephone hacking used to make free long distance calls.
Recognizing phishing emails in your inbox
If you’ve ever received an email seemingly from a known person asking you to do a favor (buy gift cards, for instance), you’ve been touched by phishing. In 2016, five University of Kansas employees were tricked by a phishing email into updating their payroll information, allowing cybercriminals to acquire their direct deposit information. Three of the employees had their paychecks affected.
One of the most notorious phishing stories is that of Democratic political consultant John Podesta, who was tricked by an email with the subject line “Someone has your password” into sharing his Gmail password … and thus revealing the inner (and sometimes embarrassing) workings of Hillary Clinton’s presidential campaign. His emails ended up on WikiLeaks.
Podesta could have used a few tips for avoiding phishing, including being suspicious of an urgent call to action, noting generic language and bad grammar, and not clicking on suspicious links or attachments.
Photo: wk1003mike / Shutterstock