Have you ever received a message from what looks to be your bank, but the message is just a little bit off? Is their logo weirdly pixelated, or is the text within the message formatted weirdly?
First, don’t interact with that message. Second, you might have just become a target of a phishing attack. But don’t panic just yet – in this article, we’ll examine what phishing attacks are, what damage they can do, the usual methods of attack, and how you should protect yourself.
Phishing: What Is It and Why Should You Care?
Phishing is a social engineering (a technique to make someone divulge their private information) tactic that aims to lure you into giving someone else access to your devices and accounts, such as your laptop or Facebook account.
Bad actors, usually known as hackers or cybercriminals, pretend to be a trusted company or someone you know to earn your trust. In turn, they hope the trust they’ve established will lead you to let your guard down, allowing them entry into your devices/accounts.
If you think this reminds you of an episode of Catfish, the MTV show, you’re not wrong – in the show, real people pretend to be someone else for romantic purposes. When it comes to phishing, people are pretending to be someone else to get valuable data out of you. For further insights and examples, refer to the comprehensive guide on Phishing Emails That Fly Under the Radar.
Here are some examples of what kinds of data phishing attacks try to steal:
- Your full name, date of birth, social security number;
- Your bank account information;
- Your login information for social media accounts;
- Your address.
What Does Phishing Look Like?
You can’t protect yourself when you’re not sure what to look out for. Here are the most common examples of phishing attacks:
- Phishing emails: It’s usually an email with a link you’re asked to follow, just like the bank message we’ve mentioned. In this case, you’d open the link and provide your information to what you think is your financial institution. But just like that, hackers would get a hold of the information you’ve entered into their fake website.
- Domain spoofing: In this instance, an attacker would impersonate a valid and trusted email address of something like a bank. These scams take an honest company’s domain (ex: @america.com) and change it. If you don’t inspect the address that sent you the message, you could engage with “@arneria.com” and fall victim to the scheme.
- Voice phishing: If your mom called you, but she sounded a bit off, would you be concerned? That’s what voice phishing is. Someone calls you pretending to be your loved one or friend and asks you for personal information, hoping you don’t notice that their voice or manner of speech is just a bit unusual.
- SMS phishing: Similar to voice phishing, in this scenario, you’d receive an urgent message from someone pretending to be a company, asking for your personal information to “validate a payment you recently made” or something similar. If you respond, you’ve just unknowingly given away your bank details to a stranger.
- Social media phishing: This is when hackers use social media to lure you into a trap. It can include free giveaways or sketchy “official” company pages with urgent requests.
Phishing: Protect Yourself From Attacks
You’ve made it to the most crucial part of this article. Let us tell you how you can protect yourself and your loved ones from falling victim to someone’s phishing attack attempt.
- Use common sense before handing over sensitive information: When you get an alert from your bank or other major institution, never click the link in the email. Instead, open your browser window and type the address directly into the URL field to check if the site is authentic.
- Invest in a VPN: While a virtual private network won’t stop your hand from typing out your information somewhere, it’ll block the majority of suspicious websites before you even get the chance to open them. VPNs offer many more benefits, and you should learn more about them to get the most out of them.
- Don’t trust alarming messages: Most trusted companies will never request personally identifiable information or account details via email. This includes your bank, insurance company, and any company you do business with. If you ever receive an email asking for account information, immediately delete it and then call the company to confirm that your account is OK.
- Never open attachments in suspicious or strange emails: This applies especially to attachments such as Word, Excel, PowerPoint, or PDF files.
- Avoid clicking embedded links in emails: Be careful when receiving messages from vendors or third parties; never click on embedded URLs in the original message. Instead, visit the site directly by typing in the correct URL address to verify the request and review the vendor’s contact policies and procedures for requesting information.
- Regularly update your software and operating system: Windows OS products are often targets of phishing and other malicious attacks, so be sure your systems are secure and up to date, especially if you’re still running anything older than Windows 10.