What is phishing?

Jul 15, 2022

Phishing refers to the strategy attackers use to steal information from you by pretending to be someone else when they contact you. It’s probably called phishing as a combination of fishing — fishermen using a lure (email) to catch fish (you) — and the ph popularized by phreaking — what people called hacking phones in the ’60s and ’70s to get free long distance calls.

One very common phishing tactic is to email an assistant of a C-level executive in a big company pretending to be the executive. The attacker will say something like, “I’m running late for this conference and realized I forgot the prize! I need you to send me $500 in Apple gift cards asap!” or “I lost my sticky note with our bank info, you need to send it to me immediately. I need to do my expenses tonight.” The goal is usually financial gain — cash, gift cards, a bank account — or access to another account (to post on your social media, for example).

Here’s a phishing email from my inbox — the attacker is pretending to be Venmo or Capital One offering a promotional gift. This is a very lazy one, as they just redirect you to a similar scam that promises you a free gift if you pay shipping and handling.

Attackers that phish for your account access will email you prompting you to log in to an account, usually email or social media, but the link in the message goes to a fake site instead of the real one. For example, the infamous Clinton campaign hack was a result of someone clicking an email that said, “Take action now to protect your Google account” and entering their Google credentials on a fake website.

Companies emailing you and saying you need to click a button to pay your bill, resolve an account issue, or reset your password are common. That’s why hackers copy them — you expect to get them from time to time, and they hope you don’t look too closely.

Phishing isn’t just in email — it can come from anywhere, including social media and messaging apps.

Who’s doing this?

You will likely face two types of attackers. The first group is commercial phishers — these people target huge swaths of accounts at a time automatically, using information from leaks or the gray market. As socialist orgs do not have a lot of cash to steal, they aren’t going to face targeted attacks from attackers only looking for financial gain. Hooray?

The second and more dangerous group of attackers is fascists, explicitly opposed to leftism as a project and looking for targets to make miserable. They are usually going to launch more specifically targeted, harder-to-detect attacks and will likely go after account information to do things like deface social media or stalk targets rather than focus on financial gain.

If an email mentions your address or another snippet of private info, does that indicate it’s legit?

Don’t let your guard down! While less common, it’s not hard for hackers to use large dumps of data (some of which are public) to map emails to things like addresses or other usernames.

Can you stop phishing attacks?

There are very few purely technical means to stop phishing. Major email providers like Gmail and Outlook perform basic checking of email and can send most obvious attacks to Spam, but they can’t get everything.

It’s hard to protect against phishing with technology because it relies on tricking people, not hacking computers. Computers have a hard time differentiating well-written, securely sent phishing messages from real email.

That said, there are two great ways to help protect some accounts against phishing — a security key, and training. Let’s take a closer look at security keys first in the next lesson.

The above content is part of a course on socialism.tools.