Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Phishing Overview
“Phishing” refers to an attempt by a cybercriminal to trick people into exposing sensitive personal information to the hacker, like financial information or logins and passwords. Phishing scams allow hackers access to this information, potentially through a virus delivered when the victim clicks a link or downloads an attachment in an email.
The hacker can then use this information to commit identity theft or fraud, or they may sell this information to others. A successful phishing attack can result in not only the victim’s information being exposed, but also that of unknowing clients, users, or others who have entrusted their data to the victim of the attack.
According to the Federal Trade Commission, over the course of a single year, over $30 million was reported as lost as a result of phishing attacks to the FBI’s Internet Crime Complaint Center.
How Does Phishing Happen?
Phishing can occur through a seemingly innocent email, text, or even phone message. Data thieves are constantly updating their tactics to steal information from unsuspecting victims; one of the more common examples is the use of a “phishing” email.
In a phishing email, the scammer will set up what looks like a legitimate email. The details of the email will depend on the intended victim; personal emails will often reference lucrative offers, while emails to employees of companies that house personal information may attempt to come off as from another department or unit.
According to Phishing.org, phishing emails have some common features:
- Attachments that may contain viruses, such as ransomware
- Deceptive hyperlinks
- Suspicious sender email addresses
- Great deals or offers
- Threats to suspend accounts
- Time-sensitive offers or urgent deadlines
Additionally, cybercriminals attempting to perpetrate a phishing attack may use deception to make the email look legitimate. It is important to closely inspect unexpected email messages; sometimes hackers use emails that look legitimate, but contain suspicious domain names upon further inspection.
Content within the phishing email may also be hyperlinked; however, the hyperlink may not match up with what the content says and actually contain a virus.
Any of the above items can be a red flag, warning would-be victims of an attempted phishing scam. In addition, phishing emails may be sent at an unusual time or have a very general or irrelevant subject line.
How Can Phishing Be Stopped?
Phishing can be stopped through increased data security measures and training. An individual can become aware of red flags in an email that may be a phishing attempt to protect their own information, as can employees who potentially have access to thousands or even millions of peoples’ personal data.
Individuals and entities, such as companies, government agencies, and other institutions can also increase technological security measures. Individuals can use email filters to scan for potential phishing attempts and anti-virus software. Entities, especially those that collect large amounts of sensitive personal information, can also implement data security and backup measures.
It is imperative that all business entities train employees to identify potential phishing emails.
Dangers of Phishing
The term “phishing” is a play on the common word “fishing.” It refers to the way a hacker is trying to bait a victim and lure them into exposing sensitive personal information.
Data breaches are a common goal of phishing scams. Hackers are seeking to access sensitive information, such as names, financial information, passwords, social security numbers, addresses, and much more. They can either commit identity theft and fraud with this information, or sell it on the dark web to others seeking to do the same, or both.
Ransomware is a type of computer virus that can be delivered through a phishing email. Ransomware specifically refers to a virus that shuts down access to a database; hackers then blackmail the owner of the database with the threat of losing access to their data for good, unless they pay.
Recently, a number of hospitals and other medical facilities around the country have been subject to ransomware attacks. Hackers correctly surmise that these facilities are dependent on access to patient records to function and offer care. Unfortunately, ransomware attacks are correlated with a higher incidence of heart-related complications and even death in hospitals.
In the face of these attacks, some medical facilities have improved their data security methods and created backup databases to ensure no pause in care should they become the victim of ransomware. Other have purchased ransomware insurance. But many healthcare facilities had to pay the ransom for their data.
However, not all facilities have done so and patients who have suffered from canceled appointments, lost records, or other disruptions say that the companies that run these hospitals and other medical centers should have done more to protect themselves.
