There are several myths and misconceptions that abound when it comes to Phishing. These are the top 5 most common ones:
Anti-spam software can detect phishing email
While anti-phishing and spam filters can decrease the number of phising emails that get into your inbox, they are not 100% effective. Whenever anti-phishing technology keeps improving, the phishers are always devising ways to get around them. It truly is a cat-and-mouse game.
Secondly, because spam email and phishing email are different (phishing email spoofs a legitimate business), a different set of rules and criteria are required to detect the phisher.
As long as I don’t give my password and user-name, I won’t be Phished
Phishers are getting increasingly sophisticated. They now employ several variations on the original spoofed email that once requested your password and user-name.
They will, for example, instruct you to click on a link so as to update your information at a website. If you do click on the link, malware such as a keylogger or syware wil be downloaded to your computer.
The link may take you to a spoofed website, but it may also link you to the actual website of the legitimate business. Once there, a pop-up or overlay is activated, directing you to log in. You will probably be unaware that your access information has been compromised.
Most Phishing attacks originate from outside
With all the time and effort that has been poured into the Nigerian 419 spam scams, it is commonly assumed that phishing originates from emerging countries outside America. However, a study by Symantec shows that the majority of phishing attacks actually originate within the U.S.
Phishing is a problem that we can solve by educating users
This is not true. There are various ways the phisher can camouflage an IP address. In fact, a large proportion of phishing attacks are enabled through common misconfigurations in a web application. Phishers can manipulate internet technology to redirect you from a real and legitimate website, in such a way that although the original web address points to this real web site you are taken to the phisher’s web site.
As the incidents of phishing and identity theft have increased, people have become more aware, and better able to identify phishing emails. The percentage of phishing victims has gone down. However, even though users are getting better educated and informed about phishing, there is always still a chance that someone will mistake a well-crafted phishing email for the real thing.
I will know one when I see one
This is another misconception regarding phishing, and a potentially dangerous one at that, especially in our digital world. With all the time, talent and technology available to them, these cyber crooks have more than ample resources to create and execute increasingly realistic email spam, web site spoofs or other electronic means by which to scam you out of your confidential financial data and wreak havoc on your financial affairs.
Vigilance is, in fact, your number one protection against the phisher’s hook. Underestimating the phishers may cost you.