Now we'll start talking more specifically about some common attacks.

And we'll begin with perhaps one of the most well known, phishing.

The word comes from the term phreaking,

a form of hacking that attacks cell phone communications,

combined with the word fishing, since it involves baiting the target.

Phishing attacks are often email messages,

instructing you to confirm your user name and password on an external site.

But phishing really could be any attempt to trick you into providing sensitive

information to an unauthorized party, including phone calls,

text messages, or even in person requests.

I'll point out some red flags or hints that should raise some suspicion for

when you're reading messages like this.

Then you'll be able to better identify phishing attacks and prevent falling for

them yourself.

Here is an example of a phishing email.

This may look innocent enough and

many people have fallen victim to attempts much like this one.

Let's take a closer look at some of the warning signs.

The first thing to notice is that the sender email address is suspicious.

This looks like it's meant for the lehigh.edu students,

but the sender has an @udd.cl account.

Another suspect part is that it's addressed rather generically,

dear account user.

Usually, important emails include valid personal information.

There's an urgency to the email, and

a risk of losing access if you don't follow the instructions.

That should sound some alarms for you as well.

There's a grammatical error here, it may seem minor but

genuine emails are typically much more professional.

There's a misleading link to click on.

A valid link should come from a trusted domain,

which is the main part of the URL just before the .com.

The subdomain, or the prefix here before the domain looks like it is associated

with the institution.

But in fact,

whoever owns the jimdo.com website can add anything they want as a subdomain.

The email is asking for your credentials at all.

You should almost never be instructed to enter your login

information from an email.

I would even advise calling the institution directly

to verify if you think the message still may be legitimate.

Now, you may have recognized many of these red flags right away.

If so, that’s great, the better everyone is at identifying phishing

attacks the less likely they will occur.

Of course, not all of them have this many red flags.

The reality of phishing attacks is that they require almost zero effort

to create and send out to targets.

And all it takes is one or two people,

often out of the thousands who receive the message to fall for it.

Because the effort to reward ratio so heavily favors attackers,

many experts don't expect phishing scams to go away any time soon.

Spear phishing is a variation of phishing but quite a bit more insidious.

It gets its name from being pointed at someone specific.

So it's a message meant to trick you into providing sensitive info, but

there is a deceitful familiarity to it.

It may look like it's from a friend or

someone that knows details about your personal life.

Here's an example, and we'll go over the suspicious aspects.

Note the sender email again.

More grammar mistakes.

Of course, authentic messages contains mistakes too.

Refer to the attached document.

Attachments could potentially contain viruses, or

otherwise infect your computer.

Do not open, unless you know and trust the sender.

To recap, here are some common red flags for a phishing attack.

Email or domain doesn't match.

Careful of subdomains.

Spelling or grammar mistakes.

Incredible offers or rewards.

Inconsistent context.

Requests for money.

Urgency, threats or unrealistic risks.

Government agencies.

Includes suspicious attachments, asks for your credentials.

Now that you've seen some examples of phishing and its targeted variation,

spear phshing, you'll be better able to identify these types of attacks and

prevent falling for them yourself.