The term 'phishing' derives from the idea of fishing -- fishing for information. It refers to a type of internet fraud that attempts to collect sensitive financial information, typically through a fraudulent email. The fraudster poses as a trustworthy entity to trick people into revealing information such as user name and password, address and phone number, PAN card number, date of birth, ATM/credit card number, card validation code, etc. Phishers lure the unsuspecting into financial ruin.
According to the Anti-Phishing Working Group, an international consortium, there were at least 115,565 unique phishing attacks worldwide during the second half of 2013. These attacks were carried out using 82,163 unique domain names, which were registered maliciously. The top five top-level domains used for the purpose were .COM, .TK, .PW, .INFO, .NET, and .CF. The targets mostly included large and small banks in Latin America, India, and the Arab world. It appears that almost any enterprise with an online presence can be a phishing target, the report adds.
Phishers use different disguises, methods and mediums -- they can approach you as a credit card company or an online shopping site. Besides deceptive emails, fax and phone calls can also be used. Sometimes great-sounding offers are used as bait. They also try to steal data from your PC by delivering malware as email attachments or downloadable files. Sometimes a message contains a link, and clicking on it can lead to a copycat website that looks identical to your bank's website; when you 'update' your information on that site, it goes to the phishers.
So, be cautious. Never disclose sensitive financial information to anyone, even if the mail appears to come from a bank or a business you usually deal with, or even when the website on which you are asked to provide information appears authentic. Never download files or open attachments sent to you by unknown senders. Don't get misled when you receive a message like this: "We recently upgraded our online banking security system, confirm your log-in details"; don't panic when you get a pop-up warning: "Your computer has been compromised! Click here to download a security fix!"; and don't get lured by offers like: "Win a free iPad!"
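The copycat-link trick and the lure messages quoted above can both be checked mechanically before a message reaches a reader. The following Python sketch is an added example, not part of the original article: it flags links whose visible text names one domain while the link goes to another, and it flags the quoted lure phrases. The names `review_email`, `LinkCollector` and `bare`, the sample message and both example domains are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Lure phrases taken from the warning messages quoted in the article.
LURES = ("confirm your log-in details", "your computer has been compromised", "win a free")
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
# Constructed sample message; both domains are placeholders, not real senders.
SAMPLE = """<p>We recently upgraded our online banking security system,
confirm your log-in details.</p>
<p><a href="http://secure-login.example.net/update">www.examplebank.example</a></p>
<p><a href="https://www.examplebank.example/help">www.examplebank.example</a></p>"""

class LinkCollector(HTMLParser):
    """Collects the visible text and every (href, link text) pair."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def bare(host):  # lower-case a host name and drop a leading "www."
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def review_email(html_body):
    """Return findings: quoted lure phrases and links whose text hides the target."""
    parser = LinkCollector()
    parser.feed(html_body)
    body = " ".join("".join(parser.text).lower().split())
    findings = [f"lure phrase: {lure!r}" for lure in LURES if lure in body]
    for href, text in parser.links:
        target, shown = bare(urlsplit(href).hostname), DOMAIN_RE.search(text)
        shown = bare(shown.group(1)) if shown else ""
        # A subdomain of the displayed domain is treated as a match.
        if shown and target and target != shown and not target.endswith("." + shown):
            findings.append(f"link text shows {shown} but goes to {target}")
    return findings

if __name__ == "__main__":
    print("\n".join(review_email(SAMPLE)))
```

A link whose visible text contains no domain (for example "Click here") is not flagged by the mismatch check, so a check like this supplements the caution described above rather than replacing it.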
For a small business, phishing attacks could mean financial ruin, so always follow strict online safety practices. Use an advanced security software package that detects not only viruses and spam but also malware and suspicious e-mail attachments. Always use strong passwords, encrypt all sensitive information, use appropriate backup solutions, and educate your employees about internet safety and the latest threats. And never forget the basic rule -- keep your secrets secret.