Phishing - What is it? How to Prevent Phishing Attacks
Phishing is a cybercrime designed to obtain access to your online accounts, banking/credit card details, passwords, and other personally identifiable information. You could receive a phishing scam via email, phone, or text message. Learn how to prevent phishing attacks.
In today’s technology age, it’s almost impossible that you haven’t come across a phishing scam. In fact, you may have a phishing attempt in your email (or your spam inbox) right now. While it’s unlikely that phishing scams will go away any time soon, there are ways to prevent yourself from becoming a victim.
What is Phishing?
Phishing is a cybercrime designed to obtain access to your online accounts, banking/credit card details, passwords, and other personally identifiable information. You could receive a phishing scam via email, phone, or text message.
The attacker sends messages that appear to come from an organisation you know or have an account with. These messages will include malicious links which, if clicked on, can install malware, freeze your system in a ransomware attack, or reveal your sensitive information.
Phishing scams are often seen in corporate environments, as one employee falling victim to an attack can allow cybercriminals to bypass entire security systems. They’re able to gain access to confidential data this way and can cause significant damage to the corporation that experienced the attack.
Types of Phishing Scams
There are a variety of fishing scams that you need to be aware of to keep yourself safe online. These five phishing scams are the most common, and you’re likely to encounter at least one of them in your lifetime.
- Email phishing
Phishing attacks are most commonly sent by email. Creating a fake domain name that looks like an authoritative organisation is quick and easy for cybercriminals. They can then send thousands of generic requests out via email to obtain sensitive data from victims.
- Smishing and Vishing
Smishing and vishing use telephones rather than emails to complete phishing attacks. Text messages or phone calls with similar content to phishing emails will be made in the hopes you’ll interact with them.
- Spear phishing
Spear phishing is highly targeted. While it is still a version of email phishing, spear phishing skips the generic requests and can include your name, place of employment, job title, and other identifying information. Spear phishing is most commonly seen in the corporate world.
Whaling takes spear phishing tactics and makes them even more targeted. The end goal is the same as other phishing attacks, but the writing and overall technique are more subtle. You won’t find links in these emails. The cybercriminal will imitate an executive in your organisation and ask for a favor.
- Angler phishing
The newest type of phishing, angler phishing takes place on social media. Fake URLs, posts, tweets, and instant messages can easily convince you to give away sensitive information. As organisations have seen an uptick in complaints on social media, this phishing attack has become more popular.
How to Recognize Phishing
While all of this sounds scary, there are ways to recognize phishing attacks and keep yourself safe on the internet. If you receive an unexpected email or text, here’s how you can identify it as a phishing scam. These emails and texts commonly:
- Mention suspicious activity or log-in attempts.
- Claim that there’s a problem with your payment information or account.
- Ask you to confirm personal or financial information.
- Include an unexpected invoice.
- Ask you to click on a link for payment.
If you notice these warning factors, there are likely others in the email, text, or phone call. Here are some other common signs of phishing attacks:
- The domain name of the email sender is not the appropriate company domain name.
- The links, when hovered over, don’t lead you back to the appropriate company website.
- Grammar or spelling errors may be included, as well as unprofessional graphics.
- Generic greetings will be used in place of personalization.
If you aren’t sure if an email, text, or phone call is a phishing scam, the best way to handle it is to reach out to the organisation directly (not from the sent email or text) and ask for clarification.
To prevent phishing scams via phone, a caller ID and spam-blocking software can prevent you from even seeing or speaking with scammers on your phone. They block texts and calls that may lead you to give out personal information to unsafe parties.
How to Prevent Phishing
You can protect yourself and your organisation from phishing emails, texts, and calls in a few steps.
- Download and install a caller ID/spam-blocking app (also for text messages) like Truecaller. People that use Truecaller are constantly identifying scam calls in real-time, which helps the entire community of 330 million people avoid scams like these.
- Use two-factor authentication online. This way, even if your data is compromised, cybercriminals won’t have enough information to gain access to your accounts.
- Change passwords frequently and use strong passwords that you haven’t used before.
- Update your laptops and cell phones regularly to ensure security is up to date.
What to do if you have been a Phishing Attack Victim
Apart from staying vigilant with Truecaller, if you do fall victim to a phishing attack, know that you’re not alone. It’s important to work quickly if you think a cybercriminal has information like your Social Security number, bank account number, or credit card info. You can go to IdentityTheft.gov to get specific steps to protect yourself based on what information was compromised.
You should also update your software on your phone or email and run a security scan to determine if any malware has been placed on your device.
If the phishing scam has put your organisation at risk, reach out to your IT department for clarification on how to best handle the situation.