Lets go Phishing!

Let’s go phishing.

Unfortunately, we are not talking about catching trout here. Forget the rod, but we are still talking about hook, line and sinkers. Phishing is different kind of catch. As Merriam-Webster defines it, phishing is a scam by which an email user is duped into revealing personal or confidential information, which the scammer can use illicitly.

Most of us most likely have some sort of phishing email in our inbox right now. With the advancement in technology in the past few years, it has made it easier and easier for people to phish our email accounts. While I was doing research on phishing this week, I came across something that was astonishing to me. I came across a website that actually taught people how to phish on Facebook. I did not have to do any major digging to find this website, it came up with a simple Google search. The website can be found here.

Basically, the website gives a step-by-step tutorial on how to bypass Facebook security checks and phish people. Although the article does offer warnings and disclaimers about phishing, I was shocked to find this information so accessible online. There is even a discussion section at the bottom of the tutorial where people discuss their phishing tactics.

Phishing can look may different ways. With phishing, the adversary can be message-based deception or identity-based deception or, in some cases, even both. It may appear to be someone you know asking to “borrow” your password and email account so they can contact someone or it may be someone pretending to offer to wire you funds to get money “out of the country” in order to get your bank account information. Even though these situations may seem like red flags to most of us, this is not always the case because some adversaries are tricky to decipher. Luckily, both the TechTimes and NCSU News provide great tips on how people can protect themselves from the dangers of phishing. Some tips that I thought were the most helpful were:

 1.     Look for urgency: If the message urges you to take action right away or suggests dire consequences if you don’t, its probably a phishing attempt.
2.     Pay attention to spelling and grammar
Misspelling and poor syntax are typical of many, but not all, phishing emails.
3.     NEVER provide your username and password when asked.

Discussion Questions:

1.     Besides the tips that were provided for phishing protection, can you think of any more tips to help people protect themselves from unwanted phishing?

2.     Have you ever fallen victim to phishing, or do you know anyone how has? If so, what was the outcome?

3.     How would you suggest the problem of phishing be approached? Is it something the government should be doing something about? Or is it just up to Internet users?

4.     Have you seen any examples of phishing anywhere besides on email or Facebook?