A form of fraud, phishing occurs when an attacker tries to learn information, such as login credentials or account information, by impersonating a reputable individual via email.
Spear phishing is a form of targeted phishing wherein an individual is pursued to compromise their credentials or account information. It's hard to identify a phishing attack since spear phishing email messages are crafted to look almost exactly like a legitimate email; these email messages frequently bypass automated phishing protections.
However, certain indications will help you identify a phishing attack. Train end users to alert the IT team if they notice the following: Phishing attackers typically use bad grammar and often misspell simple words. These cybercriminals also include hyperlinks. In a suspicious email, hover your mouse on the link, but don't click, to see if the address matches the link. If the message includes a threat of some kind, usually that your account will be closed if you do not respond, it is most likely a phishing attack. Beware of graphics in the message body that appear to be associated with legitimate websites.
To protect against phishing, users should alert their administrator before they open email messages that look suspicious, and before they click on any links within suspicious email. Another way to avoid phishing is by installing an antiphishing toolbar that assesses the site and compares it to a list of known phishing sites. Also consider firewalls as a buffer that keeps imposters out of your users' computers. End users need to be more aware of the risks from phishing email messages because human evaluation is more accurate than automated tools in many instances.
After you identify a phishing attack, learn how a buffer overflow attack can overwhelm your memory space.
Text by Nick Lewis (CISSP), a Program Manager for Trust and Identity at Internet2.