Texas A&M System IT

The Texas A&M University System

You are here: Home / Be Cyber Savvy / Phishing

Phishing

Dog wearing glasses with paw on keyboard

Phishing, we’ve heard of it, but what does it mean? In summary, it is a tool and method attackers use to try and coerce people into clicking on a malicious site or download, potentially leading to a security issue.

On the dark web, phishing is a very popular and effective way to try to steal data, lock data, delete data, gain access, or take over a computer. Phishing usually comes through email but can come via text message or other collaboration apps like Slack, Skype, or GroupMe.

Here are some signs of a phishing attempt. While the diagram below is email based, the same principles can be applied to the other communication methods mentioned above: Example of phishing email

Phishing is usually obvious, and the above signs show prominently. However, some phishing attempts are tricky and it’s hard to spot a legitimate message from an illegitimate one. For example, amid the current crisis, many phishing attempts are using COVID-19 as their hook. Also, we’ll all recall, shortly after GDPR was passed there was a flurry of companies sending out updates to their privacy policy and emailing people about it. Well, attackers took advantage of this world-wide explosion of privacy policy updates and tricked many into clicking the links to “view or accept the new privacy policy”.

One of the best methods for protecting organizations and individuals against phishing is to report phishing attempts (Outlook > Report Phishing, Gmail > Report Spam). This helps the tool get smarter so that others don’t potentially get the same or similar emails.

As you’ll see on display in this newest security awareness video, ransomware is an especially dangerous consequence of falling for a phishing attempt. Ransomware is software that locks down data by encrypting it and won’t be unlocked through decryption until a ransom is paid. To protect yourself from ransomware:
  • First, be wary of suspicious emails and look for the signs.
  • Second, make sure your antivirus software is up to date and running. It’ll help stop the ransomware in its tracks.
  • Third, if ransomware is installed, then if you’ve backed up your data, you can ignore the threat and restore the data. Unfortunately, in many cases and especially for large enterprises, the cost of the ransom is significantly less than the cost to restore the data, even if it’s backed up. Therefore, the first and second layers of protection are critical.