Phishing: how to avoid the hook
In today’s technological world, finding information online has become almost seamless. From banking to shopping, you have access to all your information and can do almost anything with the touch of a screen. Unfortunately, fraudsters and scammers also know this and want that same easy access to your private information.
What is phishing?
Named after actual fishing, phishing is when scammers attempt to get you to give out your private information, such as account numbers, passwords, or your social security number, by pretending to be a representative of a company you do business with or someone that you know. Fraudsters put out their “bait” in the form of emails, text messages, phone calls, or websites to get you to bite and give out your details, and then they reel you in and it’s all over.
It can be as simple as taking your phone number and putting you on a call list, or as dangerous as people gaining access to your credit card or account information and stealing money from you or opening loans in your name. Your information can be stolen through a form that you fill in, or through a dummy link that picks up your device’s information so the scammers can gain access and take whatever they need from you. Your stolen data can lead to identity theft, fraudulent charges, a ruined credit score, and much more.
Phishing emails are the most common way that fraudsters try to get your information. The attempts can be specific to one person, such as an email from your bank saying you need to update your contact information, or they can target groups, such as employees in a company hoping someone will click a link and provide access to the company’s data.
Because phishing is a lucrative way for scammers to get access to your funds and private information, they have developed plenty of different ways to secure their catch.
Actual spear fishing is probably the simplest form of fishing. All you do is take a spear, pick a fish, and hope that you hit your mark. Spear phishing is, in a way, the same. It is a targeted attack on one individual, group, or business, usually by email. The scammers can target anything from your IP address to personal information about you or your customers to account information that gives access to funds.
The attempts can be as simple as a request to fill out a form to update your login information, or a text message from your phone provider saying that you’re getting a $200 refund and they need your account number to deposit the money.
Though spear phishing is a targeted attack on your information, it can be even more focused. Whaling goes for the “big fish” in an organization: the scammers direct their efforts at directors, VPs and C-Suite members in an attempt to get information such as the company’s bank account number.
For example, you might receive an email that appears to be from the IRS saying that you need to send in your company’s bank account number to receive a refund, or even asking for a payment from the company’s bank account to get that information another way.
But what if a spear is too big or precise for the fish that you want? Maybe you don’t want to target anything specific and just want to grab anything that you can from the water? In cases like that, fraudsters start using broader approaches, like a net.
Smishing is one of the nets that can be used in this case. Like whaling and spear phishing, the information that they want is usually the same, but the delivery method is what changes. The fraudster attempts to catch you off guard through a more casual method, like a text or push alert on an SMS service.
The logic that they follow is that since text messages are easy to respond to and there aren’t many ways to check the legitimacy of a link through your phone, people will be less cautious and get caught in the net.
An example of this is a message saying your account has a payment due, or that you won a gift or account credit and they need information they should already have.
Vishing (or voice phishing) is the other net used to try to trap you. It is as simple as spam calls that attempt to catch you off guard by having a friendly human on the line to make you feel more comfortable.
The request could seem as innocent as asking you to confirm your credit card number or username/password, and it can lead to all your information being taken.
Some examples are phone calls stating that your car’s warranty or registration expired early, and they need you to pay to reinstate it, or phone calls saying you won a stay at a hotel and all you need to give them is the information to book the stay.
Search engine phishing
So far, all the methods here are about the scammer going out of their way to find and catch you. But what about the classic idea of fishing, putting some bait on a hook and waiting for the fish to bite? This is how search engine phishing works.
Search engine phishing or website phishing is arguably one of the harder ones to catch. These are websites that are made to look legitimate, either being copies of a company’s actual website, or the fraudster’s own website that sells something or provides a service that is not real. Fraudsters will go through the trouble of getting their websites to show up on the first page of your search to get you to click on it unknowingly and compromise your information.
These websites can be almost anything, but financial, social media or shopping-related sites are the most common culprits for this type of phishing.
Tips to be safe from phishing:
- Never click on links or attachments unless you recognize the email address or phone number
- Most companies will not ask for passwords or other personal information over email, phone, or SMS
- If you receive any type of “update” message that you didn’t initiate or expect, reach out to the company it claims to come from and double-check, using a separate channel from the message that you received
- Check link URLs by hovering over them to see if they go to a website that you know or that looks real
- Avoid generic emails that request detailed information (e.g., one addressed to “Our valued customer”)
- Look for grammatical errors or spelling mistakes in the message itself
- Keep your devices up to date with the latest operating software
When it comes to staying safe from phishing attacks, knowing is half the battle. If you understand how the fraudsters operate and the different methods they use to get to you and your personal information, it will keep you safe from phishing attacks and from getting caught hook, line, and sinker!