May 26, 2018 | 1:11 pm

Social Engineering Part II: Phishing



What did you just click on? Are you sure? Look again!

Have you ever had your Facebook or Twitter account hacked? Chances are you were a victim of a phishing attack. Phishing is a social engineering tactic that sends emails or displays web content falsely claiming to be from a legitimate company, in an attempt to trick the user into surrendering personal information. So who gave them your password? You did, when you tried to log on to a fake site. The attackers have gotten so good that they can actually check your information against a site like Facebook to make sure that your credentials are valid. If they are not, you will get a login failure just as if you were on the correct site.

How do they do it?


The name sounds like fishing, right? It is actually based on literal fishing: you put the bait out, most will ignore it, but a few will bite. Attackers take advantage of individuals who either don’t know any better or just were not paying attention. There are four (4) types of phishing attacks:

#1 Pharming – I won’t go into detail about how the internet works. Let’s just say that you type a request into your browser and hit enter. The browser connects to servers, and these servers make up the internet. Some malicious attackers can redirect some of those servers to feed you bad content instead of what you asked for. This attack is known as pharming.

#2 Spear Phishing – Unlike regular fishing, spearfishing is used when you want to catch a certain type of fish. Likewise, spear phishing is a personalized attack, generally including your name and a little more research collected to make the attack more personal.

#3 Whaling – Unlike most phishing attacks, whaling attacks tend to go after much larger fish: persons with larger bank accounts, executives, CEOs. The common surfer generally will not be a target of whaling.

#4 Vishing – This is when someone calls your home, or you call them because a scam on your computer tells you to call support. These support reps will try to get information out of you, remote into your computer, find as much information as they possibly can, and download it for their use. You usually reach them by calling the 1-800 number that the malware on your computer provides.

How to Avoid Phishing attacks…

The best line of defense is the first line of defense. Have up-to-date antivirus, antispam and anti-spyware software. Most antivirus software that is any good will alert you if a website that you visited is “Phishy.” Norton 365, Avast and Bitdefender, to name a few. According to PC Magazine, Windows Defender does not protect you as well as some of the antivirus software on the market. And from personal experience and several computers that I serviced, McAfee does not seem to do much but watch the viruses come in the door and greet them with a smile.

That does it for my article. Below I will list 8 ways to prevent phishing from Identity-theft. As you know, AskSupportNow is working hard to gain influence in the IT security realm for the Metro-Detroit area. For more information, please visit the about page and ask for information on a free network assessment. If you enjoy our articles, please like us on Facebook, follow us on Twitter and connect with us on LinkedIn.


8 Ways To Avoid Phishing Scams

To help you protect yourself from phishing, we offer the following tips:

    • 1. Guard against spam. Be especially cautious of emails that:

      * Come from unrecognized senders.

      * Ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.

      * Aren’t personalized.

      * Try to upset you into acting quickly by threatening you with frightening information.


    • 2. Communicate personal information only via phone or secure web sites. In fact:

      When conducting online transactions, look for a sign that the site is secure, such as a lock icon on the browser’s status bar or an “https:” URL, where the “s” stands for “secure”, rather than an “http:” URL.

      Also, beware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.


    • 3. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.


    • 4. Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account, or to the person’s account to whom you are emailing.


    • 5. Beware of links in emails that ask for personal information, even if the email appears to come from an enterprise you do business with. Phishing web sites often copy the entire look of a legitimate web site, making it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you. After all, businesses should not request personal information to be sent via email.


    • 6. Beware of pop-ups and follow these tips:

      * Never enter personal information in a pop-up screen.

      * Do not click on links in a pop-up screen.

      * Do not copy web addresses into your browser from pop-ups.

      * Legitimate enterprises should never ask you to submit personal information in pop-up screens, so don’t do it.


    • 7. Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software. Do some research to ensure you are getting the most up-to-date software, and update them all regularly to ensure that you are blocking new viruses and spyware.


    • 8. Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.

You should always be careful about giving out personal information over the Internet. Luckily, companies have begun to employ tactics to fight against phishers, but they cannot fully protect you on their own.

Remember that you may be targeted almost anywhere online, so always keep an eye out for those “phishy” schemes and never feel pressure to give up personal information online.
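The red flags from tips 1, 2 and 5 can be turned into a simple automated check. The sketch below is an added example, not part of the original article: the sample message, the `mybank.example` domain, the keyword lists and the function names are all constructed for illustration, and the checks are rough heuristics rather than a complete filter.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample; every name and domain here is illustrative (reserved TLDs).
SAMPLE = """\
From: Account Support <support@account-verify.test>
To: user@home.example
Subject: Urgent: confirm your account

Dear customer,

Your account will be suspended within 24 hours. Confirm your password
and card number immediately at http://mybank.example.account-verify.test/login
"""

KNOWN_DOMAINS = {"mybank.example"}  # assumption: companies the reader really deals with
URGENT = re.compile(r"\b(urgent|immediately|suspended|within \d+ hours)\b", re.I)
PERSONAL = re.compile(r"\b(password|card number|social security|pin)\b", re.I)
GENERIC = re.compile(r"^dear (customer|user|member|sir|madam)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_in(host, domains):
    """True only if host is a listed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw, known=KNOWN_DOMAINS):
    """Return the warning signs from the tips that this message shows."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_in(sender_domain, known):
        flags.append("unrecognized sender")
    if PERSONAL.search(text):
        flags.append("asks for personal information")
    if GENERIC.search(body):
        flags.append("not personalized")
    if URGENT.search(text):
        flags.append("pressure to act quickly")
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if not url.lower().startswith("https://"):
            flags.append("link is not https")
        if not host_in(host, known):  # a known name at the front of the host proves nothing
            flags.append("link host is not a known domain")
    return flags
```

The host check compares the end of the hostname, so a link that merely starts with a familiar name is still flagged; an “https:” link on such a host would fail this check too, since the lock icon only shows that the connection is encrypted.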


