What is phishing and spoofing?
Phishing and spoofing are terms that are often used interchangeably. They are not the same, and as a business owner, it’s important for you to know what’s at stake should your laptop, PC or entire network become the target of either type of attack.
Differences Between Phishing and Spoofing
There is a misconception that phishing and spoofing are the same, based on nothing more than aesthetic similarities. Phishing and spoofing are different beneath the surface. One downloads malware to your computer or network, and the other tricks you into giving up sensitive financial information to a cyber thief. Phishing is a method of retrieval, while spoofing is a means of delivery.
What Is Spoofing?
Cybercriminals create perfect counterfeits of corporate emails to trick business owners into taking ill-advised actions. An official-looking email from an important service provider instructs you to take precautionary actions to protect your finances or reputation. Corporate logos and other distinctive graphics are easy for hackers to hijack and embed in emails. These professional graphic elements convince users that an impending threat can be suppressed by following the sender’s instructions, which usually entails clicking on a link in the message. In most cases the link executes a malicious file that damages your operating system and critical applications while it propagates throughout your network, placing your clients and vendors at risk.
How Is Phishing Different?
Phishing is a form of spoofing in that it deceives with legitimate-looking messages. Unlike spoofing, a phishing scam usually provides a link to a bogus website where the end-user is required to enter sensitive account information. The site may ask you to provide your social security number, tax ID or bank account information. Releasing this information could result in damage to your assets. Hackers are adept at HTML design and Web programming, so the untrained eye can be easily fooled. Fortunately, for the time being at least, there are a few telltale signs that give these scams away, including suspicious URLs and unsolicited attachments.
Precautions
If you receive a suspicious email, hover over the sender’s address and take careful note of the domain name. Smart hackers purchase a domain name that is a subtle variation of a legitimate URL, so look for minor misspellings. Sloppy hackers give themselves away with a URL that is completely off. Be wary of attached files; financial institutions will rarely, if ever, send these to their customers. If the message has a ".exe", ".scr", ".zip" or ".bat" file attached, consider that a red flag and don’t open it or follow any instructions. Call your service provider if you suspect an email is fraudulent. Your provider will welcome the information because it gives your financial institution a chance to protect the assets and identities of its customers.
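The two checks described above (a sender domain that is a near-miss spelling of a legitimate one, and the listed attachment types) can be automated for a mailbox. The following is an added example, not part of the original article; the trusted domains, the edit-distance threshold of 2 and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumed allow-list of domains the business really deals with (constructed).
TRUSTED_DOMAINS = {"examplebank.com", "example-payments.com"}
# Attachment types the article names as red flags.
RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".bat"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot minor misspellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(domain: str) -> str:
    """Classify a sender domain as 'trusted', 'lookalike' or 'unknown'."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Threshold 2 is an assumption; tune it for short domain names.
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"

def review_message(raw: bytes) -> dict:
    """Return the sender verdict and the names of any risky attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    risky = [n for n in names if PurePosixPath(n.lower()).suffix in RISKY_EXTENSIONS]
    return {"sender_domain": domain, "sender": check_sender(domain), "risky_attachments": risky}

def sample_message() -> bytes:
    """Constructed sample: misspelled sender domain plus a .exe attachment."""
    m = EmailMessage()
    m["From"] = "Account Security <alerts@examp1ebank.com>"
    m.set_content("Please open the attached form.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="statement.pdf.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(review_message(sample_message()))
```

A "lookalike" verdict is the case the paragraph warns about most: the domain is close enough to a real one that a quick glance will not catch it.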
Boats Group Stance on Phishing and Spoofing