Phishing Quick Facts
- A good phish targets weaknesses and lapses in human nature. For example, we often click “OK” without reading a warning.
- A phish needs YOUR HELP in order to succeed.
- Phishing is often conducted by organized crime.
- Phishing groups are dynamic and can be in any country. They often used people in multiple countries simultaneously.
- Credit and debit card users are the primary targets of phishers right now (going for fast cash).
- Phishing can come in more than one form: email, instant messages, pop-up, online postings, and telephone.
- A phish NEVER includes a real email address for the phisher, so it is pointless to reply to one.
- A phish has a hook (Trust us. Here’s why.), a required action (Here’s what we want you to do.), and a push (Hurry, act now!).
- Most servers that host phish sites are legitimate servers that have been compromised. Phishers must use the site’s URL or IP address in the phish.
- Some servers that host phish sites are fraudulently registered. Phishers can use any URL and try to make it similar to the victim site.
- “It’s hard for criminals to duplicate my institution’s website, so if it looks good, it must be the real site.” (The Truth: Many fake sites look identical to the original site.)
- “If I see a lock anywhere on the page, I know it is a secure website.” (The Truth: The lock or key that signifies a secure site must appear on the body or chrome of the browser, not as a picture on a webpage.)
- I can tell by the poor grammar if it is a phish." (The Truth: Fake sites often have perfect grammar and spelling.)