Phishing is an effort by cybercriminals to use bait in the guise of a familiar email address to hook you into revealing your own sensitive information, like your bank account or credit card details, and then you become a financial victim.
A common ploy starts when a criminal (usually in a foreign country) hacks someone’s computer and gets the hackee’s contacts. The criminal then masquerades as the hacked friend of yours by sending you a message using the hackee’s email address, though it’s actually coming from the unknown criminal. A typical message can be “Hi. Can I ask a favor?” inducing you to reply unknowingly to the criminal, while you intend to respond to your friend. Some criminals are more direct or use this as a second message, such as this real example:
Thanks for your email I'm sorry for this urgent request ,I'm currently in Manila right now with my family on Holiday.Unfortunately we were mugged at the park of the hotel where we stayed all cash,credit card and mobile phone were stolen off us but luckily we still have our passports with us.I'm thinking if I could get a quick loan of $2,000 USD from you or anything you can afford to loan me so that I can clear some little things here and also take a cab to the airport. I promise to refund it as soon as I get back home , let me know so I can send you my details.
Waiting to hear from you.
(your friend’s name)
Unless you have an illiterate friend, you might immediately find this suspicious and decide not to reply further. But many people have responded to such bogus messages and been burned as a result.
This podcast tells a real story of two college professors who were initial victims of a clever evolution of a phishing scam. Listen for tips on how to know if you’re being phished and what to do if you see bait tangling before you.