Phishing

Have you ever received an email asking for you to click a link or input your personal account information?  Well if you have most likely you received a phishing email.  Phishing is the act of attempting to trick people into revealing valuable information such as usernames, passwords, credit card numbers, etc by pretending to be someone you trust (PSU SOS).  These criminals sending phishing emails can always use other mediums such as text messages, phone calls, instant message and social networks like Facebook, twitter, and Instagram.  In class we talked about how college students are prime targets of phishing.  We are prone to this because we rely heavily on the Internet to store personal information and we rarely check our credit card and bank statements, as we should.  We also get numerous emails a day so we can be easily tricked to give account information by phishing emails pretending to be our bank or credit card company or even Penn State. The article I chose to apply to this concept is “Spear Phishing: A Bigger Concern in 2015” by Tracy Kitten.  Kitten talks about how criminals using phishing are changing their direction and method of using phishing.  Instead of targeting bank customers directly criminals are now targeting bank employees.  These fake emails are convincing employees to click on malicious links that compromise their credentials and information or providing information about their accounts and account holders.  Criminals are using logos and email formats of that employees company or of a client/vendor to trick the employee to trust the email.  The ultimate fear of these criminals going after employees is that they can gain access to much more information.  They can get company information and information of all customers and clients of that bank.  Also with more people and bank institutions using online banking we are becoming easier targets for phishing.  DEMARC, which stands for Domain-based Message Authentication, Reporting and Conformance is an email authentication service that can authenticate an emails source and block spam.  Although DMARC is an incredible service and protection, it isn’t enough.  Criminals are constantly changing their techniques to get around filters and identifiers used to authenticate emails.  As Kitten explained that the education of the employee is becoming increasingly critical.  This is important because although there is DMARC to help protect it is also the responsibility of the email user to be able to identify and be cautious of phishing emails they receive.  I completely agree with Kitten’s article.  In the age we live we have become fairly dependent on technology.  Criminals are taking advantage of this dependency so it is our job to look out for and report phishing emails we see.  I have learned from an experience I had when I was in high school.  My mom clicked on a malicious link that she thought was from our credit card company.  It turned out that it was a criminal who obtained her credit card information.  Thankfully our credit card company informs us of strange charges so we were able to cancel the card and report it to our company.  As technology keeps advancing crime will too so it is up to us to be cautious of what we put and share online.  

Article- http://www.bankinfosecurity.com/spear-phishing-bigger-concern-in-2015-a-7742/op-1 

Sources: http://sos.its.psu.edu/2013/01/convincing-phishing-scam-sent-to-penn-staters---mimics-     pnc-bank-alert.html

             http://agsci.psu.edu/it/how-to/understand-phishing     http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx     http://www.accreditedonlinecolleges.com/blog/2011/12-common-scams-that-target-college- kids/     http://sos.its.psu.edu/resources/phishing.html)