Over the years, we’ve discussed all kinds of scams. When talking about the specifics of many of these scams, the approach of phishing has come up repeatedly.
Even if you don’t know the exact term for it, you probably already know a phishing scam when you see one. To make sure you do, the following is a refresher on standard phishing practices, and what those scammers tend to be after.
What is Phishing?
Phishing is a cybercrime, intended to gain access to personal information and/or computer networks. It most often starts in the form of a “baited” email. (Or a text. In that case, the attack is referred to as smishing. This plays off of SMS, or Short Message Service, which is just another way to say texting.)
Basically, the bait is anything that could tempt you to click on a link or reply with personally identifiable information. It could be anything from claims that your bank account has been compromised to a request for documents from your boss to demands for personal information from the IRS. Want to see sexy pics of a celebrity? You are bound to be unpleasantly surprised.
When it comes to links in the body of an email, a scammer’s intent is often to install some sort of malware or ransomware on your computer and its network. Or, the link could take you to a spoofed version of a website, where you could enter a user name and password. Then, the scammer has them.
Alternatively, you may be compelled to reply to an email with information that gives a scammer access to sensitive areas of your company or personal life.
Who Does It Target?
Everyone who goes online and has an email address is vulnerable to phishing attacks. Lots of scammers send out the same fake email to millions of people at the same time. By doing it that way, the odds are pretty good that at least some of those targets will find the content relevant and follow through with the scammer’s demands.
But there are more precise approaches, as well. There are a couple of specific subsets of targets, with their own classifications:
- Spearphishing: This kind of phishing attack is designed to target specific individuals, or groups of individuals. These could be people who all work at the same company, people who have shopped online at the same place, etc. The content of the email can feel particularly compelling in its specificity.
- Whale Phishing: This phishing attack targets individuals in high, powerful positions in an organization. In this case, scammers target CEOs, HR managers, and other executives with clearance to access high-level, sensitive information.
How Do I Protect Myself from Phishing?
You may not be able to stop an attack from happening in the first place. But you can act in a vigilant manner to ensure that the attack goes nowhere. Before you click on anything in an email:
- See if you recognize the sender.
- Hover your cursor over a link without clicking on it to see if the destination is actually what it says it is.
- Be mindful of the language used. If the sender appears to require quick action on your part, be wary. Such language is designed to provoke panic and action without thought. And, of course, generally bad spelling and odd grammar also tend to be giveaways.
- If you still aren’t sure–the email looks official, but you have a bad feeling anyway–go directly to the supposed source of an email. Don’t click on anything in the email. Instead, contact your bank, your boss, or government entity by phone or through their website to determine the legitimacy of an email’s request.
- Try to verify the legitimacy of an unknown email address, and discover the person or entity behind it, by looking it up online.
Phishing is likely to continue as a tool for scammers for the simple reason that it continues to work. But that doesn’t mean it has to work on you. As long as you stay calm and cautious, phishers will have no way to catch you.
Want more information about phishing, smishing and other kinds of cyber crime? Read all about them on the PeopleFinders blog.