Effectively protect your company against payment defaults and fraud attempts.
What is phishing?
Phishing is the fraudulent, and unfortunately very common, attempt to obtain confident data such as user names, passwords or credit card numbers by fooling their owners. It is a criminal activity. The word is a homophone of “fishing”, probably meant as a kind of joke by the “phreaks” who first developed techniques for duping people in this way. The theory, prevalent in Germany and other non-English-speaking countries, that it is derived from “password harvest fishing” is highly unlikely.
Fake emails, messages or websites are prepared to make them look reputable and genuine so users will think they are from a trustworthy source and voluntarily provide sensitive data when asked to do so, without realizing that they are falling into a trap. The fraudsters send out large numbers of emails hoping that some of the recipients will actually be customers of the company they pretend to represent.
Examples include made-up notifications that a password has expired, prompting recipients to click on a link that leads to a form for them to enter their old password in order to receive a new one. The thief then uses this information to order a credit card or empty a bank account.
An email may be a phishing attempt if:
- The salutation is impersonal.
- It urges you to take immediate action (e.g., “if you don’t log in right away, your data will be lost").
- It contains threats (e.g. “if you ignore this email, we will block your account”).
- It includes attachments, links or forms that you are asked to open or use.
- It is written in broken English and/or with incorrect punctuation or spelling (but watch out: the fraudsters are getting better at this!).
- The sender’s name is slightly wrong (e.g. “Amazon Ltd.” instead of Amazon.com).