Phishing is when criminals impersonate well-known reputable organizations sending emails as that organization to lure a person into revealing private information that can be used in identity theft. The email informs the target they must go to a website to update their information. Criminals will attempt to scam you into revealing usernames, passwords, credit card numbers, social security number, date of birth and bank account numbers. You know the organization they are impersonating already has this information so you feel comfortable entering it a second time. The web site the link in the email takes you to is bogus. It was created by the criminal for the sole purpose of stealing information.

There are four types of phishing.

Phishing

This is what we discussed above. It is now used to describe any attempt in phishing not falling into the categories below.

When crooks direct a phishing attack at a specific organization or individual it is referred to as “spear phishing”. Criminals will research their target and send an email that their target is likely to already receive. This increases the probability of success. An example would be targeting real estate agents with a fraudulent email from an escrow company requiring an agent to update their login information. Many escrow companies now provide portals for agents to upload documents from their clients which required for the sale of a home. These documents often contain private information about the buyer or seller. If a criminal was able to login into the agent’s portal they could obtain this information.

Clone phishing

This is when a criminal, through research, is able to find a legitimate email you received in the past requesting information like a password reset or a status update with an attachment. Then the criminal sends you the email all over again only this time they replace the attachment or link with their own link or attachment. Usually the email will include a note that it is being resent to ensure it was received.

Whaling

This is a new term where villains are attempting to steal information from high level executives within a business. Typically they want usernames and password which can be used to access proprietary company data. Since it is assumed that these top level executives earn higher wages sometimes they target personal information as well.