Cyber criminals have become very adept at using phishing as a means of stealing personal and financial information. Phishing messages are generally orchestrated through email and are basically bad actors pretending to be someone they think you will trust. Unfortunately, phishing is becoming more and more sophisticated and harder to spot, increasing your cyber knowledge and educating yourself regularly can help you feel more cybersafe.
What is Phishing?
A phishing scam is a message sent by a cyber criminal that is made to look like it is from a trustworthy source. The message always has an action item, whether it is to click a link, simply respond or provide sensitive information. Every phishing message has a sense of urgency and uses scare tactics to encourage you to act in the desired manner. For example: provide your banking information now or your account will be closed or click the link below to avoid the suggested fine. Once cybercriminals have your information, they can use it to steal your identity or open accounts in your name, both scenarios can be very costly.
Different types of phishing
Phishing refers to any attempt to steal information, whatever the means. These attempts can come in the form of an email, social media direct message, text message, or phone calls.
There are more specific versions of phishing that you should also know about:
Smishing and Vishing: In these attempts the telephone is used to replace the email. With smishing text message (SMS) are used with the same content as an email. Vishing is again similar but with a voice call, usually a recording.
Spear Phishing: Any electronic communication that is targeted specifically toward an individual or organization. Sometimes these attempts are not to steal information but to install malware on a specific computer.
Whaling: Is a phishing attack with a high-profile target like a senior executive in an organization or government department. In this instance criminals are attempting to imitate senior staff and the technique is more subtle, so malicious URLs are not used. The goal is still to get sensitive information, most commonly tax forms.
Spoofing: Is the use of a fake website that requests users to share their personal information.
Angler Phishing: Cyber criminals create fake social media customer support accounts that promise to help but secretly steal credentials instead. (This attack is named after the anglerfish that uses bioluminescent lure to entice its prey.) Never login to an account from an email.
What to look for in a phishing Email?
- The email is sent by a public domain.
- The domain name is spelt wrong. (For example: Harry@amznon.com)
- The email is poorly written.
- The email includes suspicious attachments or links.
- The message creates a sense of urgency.
- Payment information is requested. Most legitimate organizations will never ask you to reveal information through an email or text message. If you need help setting up a secure portal for sensitive information transfers visit https://www.heimdallportals.com/
The best way to protect yourself is to learn how to spot the bait and to always be aware. If a message doesn’t look right try contacting the sender through another platform to verify their request. Take opportunities to train yourself using educational videos, read up to date articles and always have cybersecurity in the back of your mind.