Phishing Attacks

According to the United States Computer Emergency Readiness Team, "Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code."

Phishing can get even more personal and become a term known as "spear phishing". The Digital Guardian "Phishing attacks and spear phishing have much in common, including the shared goal of manipulating victims into exposing sensitive information. Spear phishing attacks differ from typical phishing attacks in that they are more targeted and personalized in order to increase chances of fooling recipients. Attackers will gather publicly available information on targets prior to launching a spear phishing attack and will use those personal details to impersonate targets’ friends, relatives, coworkers or other trusted contacts."

Types of Phishing Attacks

Most often, phishing occurs in the form of an email, but can also come from direct messages from any platform that allows it. Online areas such as Facebook, eBay, and Craigslist have had reports of phishing. Even according to a Forbes article on the Top 10 New Phishing Scams of 2015, those listed were Bank of America, Westpac Bank, PayPal, Chase Bank, Microsoft Outlook, and the Apple Store with multiple phishing attacks coming from these accounts. According to an Entrepreneur article, there are five main types of phishing attacks which include:

1. "Emails from people claiming to be stranded in a foreign country, asking you to wire money so they can travel home"
2. "Emails claiming to be from a reputable news organization capitalizing on trending news. These emails ask recipients to click the link to read the full story, which in turn leads the user to a malicious website"
3. "Emails claiming to be from organizations like the FTC and FDIC, referencing complaints filed or asking recipients to check their bank deposit insurance coverage"
4. "Emails threatening to harm recipients unless sums in the thousands of dollars are paid"
5. "Emails claiming to be a confirmation of complaints filed by the recipient. Not having logged any complaints, recipients are inclined to click on these links to find out what is being referenced. The links and attachments contain malicious code"

One thing that is for certain is that phishing attacks never end well for the victim. A string of headaches and stress, which is common with any fraud, are sure to be present and we at Rocky Mountain Credit Union want to keep you financially safe and sound. So when it comes to suspicious online activity, it's best to avoid the activity entirely because if it seems too good to be true, it probably is.