Phishing attacks are mostly sent via email and prey on people’s trust and generosity. How can you know if you’re being scammed?
Phishing scams are as old as the internet. Some of them are obvious because they come with a deal that is too good to be true. Others are more complex, and prey on your kindness and fears.
Cybercriminals use phishing attacks because they work. They manipulate people into taking action: revealing sensitive information, clicking on a link in the email, or transferring money to the criminals' bank accounts.
A phishing attack mostly occurs via email, but there are many types you should know about. They include spear phishing, whaling, smishing, vishing, and angler phishing.
Find out how not to take the bait with phishing, below.
Spear phishing
Spear phishing is a sophisticated email scam. Instead of sending a bunch of emails that impersonate a certain institution, such as a bank or medical facility, to as many people as they can, criminals tailor a message for you specifically.
First, the sender gets to know you.
They find out your name, your job title, who you work with, and anything else they can gather about you on your social media.
An email of this type is also more organic. It doesn’t include typical phrases that are linked to suspicious emails or typical templates that your email filter would otherwise redirect to your spam folder.
The message might urge you to make a money transfer, click a link, or download an attachment in the email.
These links and attachments from unknown senders might contain malware, malicious software that gets downloaded to your device and steals passwords or enables cybercriminals to monitor your activity.
Be wary of emails that need something done urgently, put pressure on you to submit sensitive information, or ask you to transfer money to an unknown sender.
Whaling
Whaling works by imitating company superiors and sending emails with all sorts of requests.
Why does it work?
When you get a request from your boss, you generally don’t doubt it. You might reply to the CEO of your company and send them the credentials requested in the email. You might even transfer money upon their request.
Red flags to look out for include any demands that are out of the ordinary. For example, your boss might write to you asking you to send them confidential data such as sensitive information about you or other employees, credentials, or photos of credit cards.
The email you receive could also be from someone in the company with whom you don’t typically communicate.
For this scam, cybercriminals use email addresses that are similar to ones you frequently write to within the company. Part of the email address might look familiar, but the last part (the domain) might be off.
If you suspect that something might not be right, double-check that your boss really requested the information before sending anything sensitive.
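The domain check described above can be automated on the receiving side. The following is an added example, not part of the original article: it flags sender addresses whose domain is close to, but not the same as, the organisation's own. The trusted domain `example.com`, the distance threshold and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation's real mail domain (example.com is a reserved name).
TRUSTED_DOMAINS = {"example.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of a From header, or "" if there is none."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "internal"
    for t in trusted:
        # Trusted name used as a prefix of somebody else's domain.
        if domain.startswith(t + "."):
            return "lookalike"
        # A few characters swapped, dropped or added (examp1e.com, example.co).
        if edit_distance(domain, t) <= max_distance:
            return "lookalike"
    return "external"

# Constructed sample From headers, not taken from real mail.
SAMPLES = [
    '"Jane Doe (CEO)" <jane.doe@example.com>',
    '"Jane Doe (CEO)" <jane.doe@examp1e.com>',
    '"Jane Doe (CEO)" <jane.doe@example.com.mail-portal.net>',
    'Newsletter <news@gmail.com>',
]

def triage(headers=SAMPLES):
    return [(h, classify_sender(h)) for h in headers]

if __name__ == "__main__":
    for header, verdict in triage():
        print(f"{verdict:10} {header}")
```

A "lookalike" verdict is a reason to hold the message for review, not proof of fraud; with very short trusted domains the distance threshold should be lowered to avoid false matches.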
Smishing
Although phishing attacks are mostly done via email, you can be scammed over text too. The type of phishing that uses SMS is known as smishing.
Smishing texts are like emails that scammers send to get your data or encourage you to click on some kind of link. The text might be an alert from a bank that requires your immediate attention and contains the link you should visit right away.
Similar to smishing, vishing is also a phishing scam that’s done over the phone. The scammer replaces a text message with a call and is most likely to impersonate a bank worker. Phone calls can also be automated and request that you type in confidential information.
Remember that a bank would never ask you to send them your PIN or a photo of both sides of your card, whether over email, by SMS, or during a phone conversation.
Angler Phishing
Angler phishing is a relatively new type of phishing scam that relies on social media. Cybercriminals might impersonate a well-known brand or organization to contact you.
Scammers have noticed that consumers call out various brands on their social media accounts. This gave them the idea that they could pretend to be a specific company and try to offer unsuspecting customers assistance with any possible problems they’re having.
They may also have a fake brand account and wait until you contact them to file a complaint or request assistance with their service.
Always double-check that the company account that sent you a message is verified. Anyone can create a fake account that uses a specific company's logo or a famous personality's photo as its profile image.
Also, if it’s too good to be true, it usually is — even with companies that have top-notch customer service.
How to protect yourself from phishing attacks
Recognizing common types of phishing can help you avoid being scammed. But most of us aren’t constantly on high alert, waiting for the next scam, and we might click on links in emails once in a while.
Phishing is considered social engineering — a type of attack which focuses on manipulating an email recipient. As such, it’s often combined with malicious threats such as malware and cyber-attacks on networks.
Therefore, you need email filters that don’t allow suspicious senders and messages to reach you at all. Also, you might benefit from tools that detect malware on your devices.
In case you accidentally clicked on a link in a phishing email or downloaded an attachment that contains malware, your device might already be infected. Trustworthy antivirus software can remove the virus from your computer or mobile phone.
Besides tools that can detect and mitigate malware or filter out emails that contain specific templates and language, your company might benefit from employee training.
Scammers might try to exploit untrained members of your team as a stepping stone into your organization. If your employees know what to be careful with, they can avoid common phishing attacks.
The main targets of phishing scams are, after all, people.