September 11, 2019
Phishing: Easy to Execute, Hard to Detect
Successfully posing as someone else is not only uncommon in real life, it’s also difficult. Impersonation online, though, is a regular occurrence, as it’s easy to hide behind anonymity. Criminals send millions of emails every day in which they pretend to be legitimate companies or government agencies. You may have seen examples of these in your inbox.
These messages can trick unsuspecting users into giving away personal or financial information. That is called phishing. But, how exactly does that work, how can you spot a phishing attack and protect yourself? Let’s find out!
What is phishing?
Phishing is a series of fraudulent activities aimed at stealing personal data and getting money through the obtained information. Fraudsters use different kinds of tricks that often force users to disclose sensitive information on their own. They perform mass mailing (spam), send messages that claim to come from financial and government institutions or social networks, and create fake landing pages, pop-ups, ads, etc.
The number of phishing attacks increases each year, as fraudulent schemes have become more complex and sophisticated. Unfortunately, most users are unaware and don’t follow basic cybersecurity rules.
Signs of phishing
From a technical standpoint, phishing is the simplest method of cybercrime. It’s also one of the most dangerous and effective methods, enabling cybercriminals to easily gain access to personal data.
Here’s what to look out for, in order to identify if you’re being phished:
- A suspicious text or voice message that asks for personal data
- A URL that doesn’t look correct
- A message or email that says “You won something”. This can be used to get access to your banking details
- A message or email that contains a threat, as fear is a key factor used to scam a victim
Types of phishing
Spear phishing is a type of cybercrime that involves email. It is a customized attack on a specific person or a company. The attacker sends an email that appears to come from a trustworthy source to get the attention of a potential victim. Its purpose is to redirect you to a malicious website aimed at obtaining sensitive information.
To avoid that, you can do the following:
- Inspect the sender of the email and the link attached
- Do not click any suspicious links and do not open any attachments
- Keep your passwords protected and don’t use common passwords
- Ensure your computer is protected with antivirus software
Whaling is a targeted attack on an organization. The goal is to steal sensitive and financial information. These attacks tend to be more believable, as a scam email appears to come from someone senior in a company.
Here are a couple of tips to avoid whaling attacks:
- Make employees aware of whaling attacks
- Flag the suspicious email that comes from outside of the company
- Exercise a data protection culture in the company
- Set up a two-step verification process
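The two checks recommended above, inspecting the sender and the link, and flagging email that comes from outside the company, can be automated in a mail filter. The following is an added example, not part of the original article; the company domain `example.com`, the function names and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "example.com"  # assumption: the organization's own mail domain

# Constructed sample message (not a real email): look-alike sender domain,
# and a link whose visible text differs from where it really points.
SAMPLE = """\
From: "CEO Jane Doe" <jane.doe@examp1e-mail.test>
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/html

<p>Please review the invoice at
<a href="http://login.payments.test/invoice">https://portal.example.com/invoice</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(text):
    """Return the lower-cased hostname if text looks like a URL, else None."""
    text = text.strip()
    if not re.match(r"(?i)^(https?://|www\.)", text):
        return None
    if not text.lower().startswith("http"):
        text = "http://" + text
    return (urlparse(text).hostname or "").lower() or None

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_message(raw, company_domain=COMPANY_DOMAIN):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Check 1: the address in From, not the display name, decides "external".
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if not in_domain(sender_domain, company_domain):
        findings.append(f"external-sender:{sender_domain}")
    # Check 2: a link that displays one host but points to another.
    for href, label in LINK_RE.findall(msg.get_payload()):
        shown, actual = host_of(label), host_of(href)
        if shown and actual and shown != actual:
            findings.append(f"link-mismatch:{shown}->{actual}")
    return findings
```

The From header is not authenticated by itself, so a filter like this complements, rather than replaces, SPF, DKIM and DMARC checks performed by the mail gateway.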
The aim of vishing attacks is the same; however, they involve a telephone conversation. The possible victim receives a generated voice message indicating suspicious activity on a credit card account. The victim is asked to call a specific phone number to verify their identity. On the call, criminals will ask the victim to provide payment details or to transfer money into a “secure” account, which is actually the criminal’s account.
Here are some simple ways to protect yourself against vishing:
- Do not share sensitive information over the phone
- Call the bank to verify the information, in case you get a suspicious message
How to prevent phishing?
Here is a list of security tips that can help you avoid any type of phishing:
- Never share your personal information with strangers. That includes financial information, such as bank account numbers or SSN, contact information like your address, phone number or email—and never give out your passwords.
- Do not pay anyone you haven’t met in person. Often scammers ask to make a transaction with third-party credit cards or make payments with gift cards.
- Beware of suspicious messages. That includes emails or messages with typos that ask for personal information or claim they can reset personal information by clicking a link.
- Listen to your instincts. If something doesn't feel right, double-check the information and make sure it is not a scam.
What to do if you responded to a phishing email?
- Take a deep breath
- Change your passwords
- Report the phishing
- Scan your computer for viruses and malware
- Protect yourself from further phishing attacks
It is important not to get lured in, know how to identify a phishing email, and be aware of the signs that point to phishing. If you think you’re being phished, now you know what to do.
Remember, phishing is just one of the many cyber threats that exist. While the main way to secure yourself from phishing is to be cautious, some other online threats can actually be reduced with automated tools. Be sure to protect yourself!