Phishing: All You Need to Know
It’s never been more important in the digital age to be aware of the different types of scams cybercriminals are using to target and defraud victims.
Traditional scams such as spam mail or spam phone calls are easy to avoid and identify. Unfortunately, as technology has evolved, the types of scams cybercriminals use have become ever more complex and easier to fall victim to.
For example, it's common for cybercriminals to use targeted personal information such as an individual's bank account number, address, or social security number (SSN) to build rapport and to pose as a legitimate organization.
Scams that use this personal information are known as phishing.
What is Phishing?
Phishing refers to a scammer posing as a legitimate institution to lure individuals into providing confidential, personal, and sensitive data such as credit card details, banking information, and passwords.
Phishing scams are sophisticated and can be deceivingly credible. For example, phishing emails can be personalized to a specific individual and can often come from email addresses that resemble legitimate businesses and companies.
Who is at Risk of Phishing Attacks?
Unfortunately, anyone can be a target of a phishing attack. If a scammer can locate and find a person's contact information, they can add this person to their phishing targeting list.
Contact information is easier to locate these days, particularly with many people's phone numbers, email addresses, social media accounts, and sometimes physical addresses available with a simple Google search.
What Are the Different Types of Phishing Attacks?
The most common type of phishing attack is known as email phishing. Email phishing normally involves a cybercriminal registering a fake web domain that mimics a genuine company or organization. Common types of phishing email include:
- Emails being sent from a public domain such as Gmail. For example, an email coming from email@example.com is not a legitimate email address.
- Emails that contain a strange or unexpected attachment. These attachments usually contain malware that can infect a computer or device when the attachment is opened.
- Emails that create a sense of urgency. These emails typically include the sender of the email asking the victim to act before it's too late. These emails include phrases such as 'unexpected activity detected' 'your password has expired,’ ‘your billing details need updating.’
These phrases are used to get the victim to take action on the specific request contained in the email and usually involve an individual handing over sensitive information such as their credit card number or account login information.
Email phishing campaigns usually target thousands of individuals at a time and often come from email addresses that mimic big companies such as Amazon, Netflix, or PayPal.
Spear phishing is a type of phishing tactic that cybercriminals use to target specific individuals. These campaigns usually involve malicious emails being sent to a specific person, such as an employee of a specific company or an account holder of a particular service.
In the context of targeting an employee, cybercriminals will usually have access to the target's name, place of employment, job title, email address, and even specific information about their professional role.
Having access to this level of personal information makes it easier for a scammer to appear legitimate. This makes it more likely for the person they're targeting to respond and give them the information they need.
Whaling is a type of phishing scam that cybercriminals use to target senior executives instead of employees. Instead of focusing on certain requests or low-level scamming tactics, whaling usually involves a scammer using sophisticated tactics to get access to the most valuable information possible.
Examples of this include attaching fake tax forms to gain an executive's personal or business bank account details or sending spoof emails pretending to be a client or a vendor that the executive or the company they represent utilizes.
Whaling is similar to spear-phishing in the sense that whaling campaigns target individuals, but the main difference is that these individuals tend to be high-ranking.
If a scammer can get hold of a senior executive's personal or financial information, they have the chance to scam significant amounts of money, particularly if they gain access to companies' business accounts or financial assets.
Smishing and Vishing campaigns
Smishing involves cybercriminals sending text messages to a target, while vishing refers to a cybercriminal using a phone call to get the information they need from the person they’re targeting.
Smishing text messages often contain similar content to phishing emails and will contain similar phrases such as ‘your password has expired and needs resetting,’ ‘unexpected activity has been detected on your account.’ These text messages will then contain a link that a target will press to fulfill the request.
Vishing phone calls usually involve a scammer posing as an individual from a legitimate organization that the person targeted may use. For example, a scammer may pose as an employee of a financial institution to get the account or card details of the person they are targeting.
Read More: Robbery Statistics in the US
Most phishing scams can be avoided by trusting your gut feeling and using common sense. Some best practices to avoid falling victim to phishing scams include:
- Avoid clicking links or attachments from phone numbers or email addresses you don't recognize.
- Avoid providing sensitive information such as banking information over email.
- Only provide sensitive information over the phone if you're 100% sure of the identity of the person you're speaking to.
- Never provide passwords, personal information, or financial information to a phone number or email address that looks suspicious.
- Protect your passwords by using 16 characters or more and investing in password management software so you can use a different password for every account.
- If you're unsure if an email or phone call is legitimate, get in touch directly with the organization the scammer is pretending to represent to check if the request is legitimate.
- Regularly check your bank statements and credit reports for signs of fraudulent activity.
By trusting your instincts and keeping an eye out for any suspicious signals, you can make sure that your personal and sensitive information remains safe and secure.
ABOUT THE AUTHOR
Keith Morris is a 20+ year veteran of the security game, with the knowledge and experience to set you on the right track toward personal safety and security. His firm is committed to giving you the tools and know-how to combat any threat to your safety.
keith morris // Security Expert
Last Updated on