Introduction to Threat Encyclopedia

The Threat Encyclopedia is where we arm you with knowledge to help you understand and avoid malware.

This isn’t an in-depth analysis of malware code but instead covers the basics and helps you understand the threats AVG security products help protect you from.

What is Phishing:

Phishing is an attempt to gather information from a user by contacting them in the guise of a company they would trust.  An example of this “bait” would be an email which seems to be from their bank, phone service provider or social network. If the user mistakenly believes the email is legitimate, they may surrender their username, password and other personal details thinking they are dealing with the legitimate entity.

Due to the topical nature of Phishing, well executed scams are hard to recognise. Many Phishing scams revolve around current affairs such as the Olympics, the end of the tax year, or Valentine’s Day.

Types of Phishing:

Spear Phishing: When the “bait” is specifically targeted to the user. This means that rather than pretending to be from a popular site such as eBay or Facebook, the message is received from someone probably known to the user, perhaps even in the same organisation. An example would be receiving an email from a close friend or colleague saying they’ve sent you a “private message”. You click the link to view the message and are prompted to sign in with your email information.

Clone Phishing: A phishing attack in which a legitimate, previously delivered and legitimate email (with an attachment or links) is copied or cloned by a fraudster who then replaces the attachment or link with a malicious one.

Whaling
Similar to a regular Phishing attack but more targeted. Whaling attacks are directed specifically at senior executives or other high profile targets. The name Whaling comes from the idea of landing a “big catch”

Staying safe from Phishing:

You can protect yourself from phishing scams by considering the following tips:

• Be skeptical of any unsolicited electronic requests for you to verify or update account information, or to click on or download information – even if it appears to come from a known business or organization;
• If you suspect a phishing scam, delete the email immediately and do not click on any links or download any attachments;
• If your receive an odd electronic request for information, independently contact the business or organization via phone to determine if the request is legitimate;
• Ensure your computer has up-to-date anti-virus and malware protection software installed and perform updates regularly;