Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000146496


Recognizing And Minimizing Phishing Exploits

Summary: This article serves to clarify the terms and explain the manner in which social engineering can impact a person or company, and offer some suggestions on how to safeguard sensitiveSee more

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


Symptoms

Social Engineering – Recognizing Phishing / Whaling attempts

 

SLN293670_en_US__11 Social Engineering

 

What is Phishing?

Phishing is the act of fraudulently contacting multiple individuals or companies, in an attempt to obtain unauthorized access to sensitive and/or personal information. Phishing is a broad attack, using general information to elicit a response from a targeted entity rather than specifically targeting any one individual. Using generalizations in the attempt allows the attacker to seem trustworthy through familiarity without having any specific details about the targeted entity. The request to obtain information may seem trivial at the time, but any information obtained could be used later in an attempted theft of a victims actual important information. Successful Phishing attempts may lead to Spear Phishing attacks.

 


What is Spear Phishing?

Spear Phishing is the targeting of a specific individual in the hopes of obtaining sensitive and/or restricted information. Similar to Phishing, but this attack is targeted to a specific entity that the attacker already has some level familiarity with. Attackers may use information obtained through a Phishing attack and will usually already know the name, address, email and phone number of the victim prior to the initial contact. A Spear Phishing target can be given seemingly confidential information to build a trust relationship with the target. This information usually comes in the form of a seemingly trustworthy source prior to any information being requested, and ultimately leads to data theft. Successful Spear Phishing attacks may lead to Whaling attacks.

 


What is Whaling?

Whaling is a term used for corporate level Phishing attempts. Taking the Spear Phishing approach to a higher level, Whaling targets are usually in upper level management or hold access to very valuable restricted information. Many of the same Spear Phishing tactics are used in Whaling attempts, but the attacker will be very familiar with the target prior to making contact. Communications will appear highly professional.

 


What can I do to help protect myself from Phishing exploits?

  1. Don’t respond to any e-mails that request personal and financial information. Contact the company directly if you are suspicious of an e-mail
  2. Visit websites directly through the browser URL bar, not via links in an email
  3. Keep a regular check on your accounts and don’t recycle passwords
  4. Make sure any web site requesting personal information is secure. https should be at the beginning of the Website URL address on any site where you enter personal information. The "s" in https stands for secure. If you don't see https, it is not a secure site, and you should not enter sensitive information
  5. Help keep your computer secure by using up-to-date security, malware and anti-virus software's
  6. Avoid entering personal or financial information into pop-up windows since they are not always secure
  7. Keep your Microsoft® Windows® software up to date with automatic Windows Update
  8. Don't open unexpected file attachments received in e-mail. Similar to fake links that redirect to an attackers resource, attachments are often used in fraudulent e-mails and can be dangerous. Opening an attachment in a phishing e-mail could cause you to download spyware or a virus
  9. If in doubt always request, and validate the credentials of the person and/or company that is contacting you. Again, contact the company directly I you have concerns rather than responding to a request for information
  10. Links like www.faceb00k.com should not be misread as www.facebook.com. Validate the legitimacy of links by ensuring the link is genuine and has not been slightly altered to resemble a familiar website while actually redirecting to a malicious website. Common substitute values include "O" instead of "0" , " 1" instead of " l " or " 8 " instead of " B ". If in doubt, double check before providing secure credentials

 

NOTE: Suggestions for avoiding Phishing exploits are provided in an attempt to help ensure sensitive data isn't put at risk unnecessarily. It is not intended to be a comprehensive guide or address all possible exploit variations (ie, some social engineering exploits are performed in SMS text or in-person rather than email). Vigilance in safeguarding your sensitive data applies to all avenues of contact.
 
 

 

 

Cause

No cause associated.

Resolution

No resolution associated.

Article Properties


Affected Product

Security

Last Published Date

19 Aug 2021

Version

4

Article Type

Solution