“Congratulations! You have won $500,000!
Please click the button below or open the attached file to claim your prize.”
Phishing presents itself in many ways, from emails to phone calls to text messages. But it always works the same way: by attempting to lure you into performing a certain task with the appeal of something enticing – be it a free iPad or bucket loads of cash.
In this case, you’re encouraged to click the button or download the file attachment – both of which will contain phishing malware that will install itself onto your device. And if you’re not aware of these risks – and many internet users aren’t – you might not even be aware of what’s happened.
The truth is, many of us are unprotected and unprepared.
In real life, would you ever tell someone your banking PIN or SSN? No. Yet many people openly disclose this information to scammers online in phishing scams without even realizing it.
So what exactly is phishing, and what can you do to prevent it?
Phishing is an easy way for cybercriminals to steal your personal information, such as credit card numbers and account passwords, even if they don’t have the skillset to hack your network and steal that information. In most cases, scammers are able to convince or coerce their victims into giving over their information willingly.
It’s extremely important to protect your personal information, especially sensitive things like your Social Security number. SSNs are nearly impossible to replace, and once a scammer has yours, they can use it indefinitely for a wide variety of crimes.
Phishers may contact you through a fraudulent email, a phone call, or a fake website. They often disguise themselves as a reputable company, such as a bank, a cell phone service provider, or the social media account or website of a major brand, and try to persuade you to divulge your personal information.
They are often trying to collect personal details like your address, credit card number, passwords, phone numbers, and even your insurance numbers.
Generally, phishers will claim that the victim has won something, is missing out on a limited-time deal, or is facing a final warning that an account will be removed unless they enter their login credentials.
Recently, many individuals in the US and Canada have been targeted by revenue agency scams where scammers claim the individual has unpaid tax debt. Too many people fall victim to these scams for one reason or another, usually out of fear of having broken the law.
Say you receive an email from Amazon, a site you visit frequently for online shopping. The email is actually fake, but you don’t realize it at first. After all, it looks official with the company logo in the corner, and the tone sounds a lot like other emails you’ve received from the company. When you click the link, the page even looks like Amazon’s website. Even the checkout process is the same.
The message offers you an unbelievable discount on a laptop and provides a link to the buying page. You click the link to buy it, enter your credit card information, and complete your order.
However, you’ve just become a victim of a phishing attack. The product page was fake and disguised very convincingly as the real thing. Instead of placing your order, the website sent your payment details straight to a thief.
In the above case, there were three tell-tale signs.
With the rise of things like the Internet of Things (IoT), smartphones, and social media, the number of opportunities for phishing has grown considerably. Attacks can now affect more than just banking. PayPal, eBay, and Amazon accounts have all reported incidents of phishing attempts on unsuspecting customers.
Watch out for these common types of phishing attacks:
Deceptive phishing is the most well-known lure. This strategy involves impersonating a legitimate business’s website to steal data. It takes a phisher with strong knowledge in social engineering to pull this tactic off effectively.
Also known as “CEO Fraud,” whaling occurs when a top executive at a company has his identity compromised. The phisher then orders employees to send funds to a separate account.
Whaling can also affect other high-profile individuals such as celebrities and politicians. Plus, given its focused nature, whaling can be difficult to detect since many departments never have contact with company executives.
Phishing kits are basically collections of software utilities you can download by mistake. Once installed, these tools can launch large phishing campaigns and send mass emails to spread the phishing attempts.
Some phishers can personalize the fraudulent messages they send you to make them more believable. These might contain your name, workplace, and phone number gathered through websites like LinkedIn. In fact, 95% of all attacks on enterprise networks are the result of spear phishing.
By its very nature, spear phishing is almost always used in whaling attempts and can involve impersonation of acquaintances and use of data from the victim’s social media sites, such as Twitter and Facebook.
Pharming programs work through a bit of DNS trickery and automatically redirect your web browser to a malicious site even if you input the correct URL to a genuine site.
Pharming was the culprit in a 2005 hijack of New York Internet service provider Panix, in which the website was redirected to another unrelated website in Australia. No losses were recorded, but the outcome demonstrated how dangerous pharming can be.
To fight back against pharming, make sure you only enter login information and personal data on URLs beginning with “https,” which denotes a secured connection.
Pretending to be the login page for a major online service like Google Drive, for instance, is a common and effective tactic.
Utilizing two-factor authentication (using two different authentication factors to verify yourself, such as a password AND facial recognition software) can greatly reduce your chances of becoming a victim as every login will require a second form of authentication to legitimize the login.
There are many methods phishers have developed to lure you into submitting your personal information and data. Knowing what to look out for puts you in a better position to detect and overcome these types of attacks.
Some common phishing tactics include:
You should also be on the lookout for:
You receive an email from your bank threatening to shut down your account unless you verify your credit card information on their website immediately. In this example, the link they give you will lead to a fake site.
A common tactic is the “Nigerian prince” email scam. Written in a poor, almost comical style, the extravagant story promises great riches should the victim send payment information.
As many of the stories go, the fake prince’s fortune has been locked behind a paywall. The scammer begs you to send money in order to restore access to this vast fortune, promising to pay you back many times over should you help.
While it may seem ridiculous, the silliness of the message is intentional, as only the most gullible will fall for the trick.
A phisher wants you to act on impulse, and what gets you worried more than the threat of being arrested? In the United States, phishers might send fake emails, or even calls from the FBI or IRS, threatening arrests for random crimes like tax evasion or music piracy.
Rest assured, the government will never send communication like this simply through an email and certainly won’t request funds with it. This type of lure tends to come bundled with ransomware as well, so avoid opening them at all costs.
Fake 1-800 numbers are easier to obtain than you think. These types of phishers will offer to inspect your machine for malware, pretend to find it, and send in a software package to help you “fix” it.
The irony is these scammers who offer to clean your computer will actually infect it with malware, keyloggers, and other phishing tools to extract your personal information.
Remember, a random tech support agent from a large corporation will never call you unless you have contacted them first.
Even our cell phones aren’t safe anymore. SMS phishing solicits personal information through text messages in the same way email or website phishing does, with the added concern of being unexpected. SMS phishing can also result in vishing or voice phishing (telephone phishing).
Phishers may sometimes post phony job offers on the Internet, primarily targeting teenagers who don’t know what they’re doing. Hired hands are employed to help in money laundering operations. While they sometimes do get paid like a real job, they’re also at risk of criminal charges as a result.
A search engine virus is essentially a Trojan that ranks highly in search engine results. It might be advertised as the perfect solution to a technical problem you are facing. Search engine optimization (SEO) plays a big role in ensuring the site shows up in your search.
Once you download and install the Trojan, relieved you finally fixed your technical problems, the malicious code takes over and your problems only get worse.
While not a direct form of phishing, SWATting can be a dangerous consequence. SWATting occurs when the phisher steals the victim’s phone number and calls in a fake bomb threat.
Emergency or not, having a SWAT team around your house is a stressful and dangerous experience, and in some cases, it can even be deadly, as SWAT teams are trained to treat every operation with maximum severity. Thankfully, modern law enforcement is now aware of SWATting attempts and usually knows how to handle them.
Phishing is clearly a serious issue every online user must address, but it still raises the question: “What can I do to protect myself and my business from a phishing attack?”
Knowing that a problem exists is the first step to fighting back. Careless Internet surfing can leave you vulnerable to phishing attacks. If you’re a business owner, it’s also important to conduct training sessions with your employees to help them identify phishing scenarios, such as the ones mentioned above.
Among the lessons taught, get your workers to build good browsing habits, such as:
Your computer, when configured correctly, can protect itself. As a basic checklist, ensure that you have the following installed on every client machine:
As a business, you can take a few steps to prepare yourself in case a phishing attack breaches your servers. While ramping up your digital security with Microsoft’s Advanced Threat Analytics for your Windows-based machines is an option, you can also consider third-party cybersecurity insurance.
Decide on your needs based on how much you are willing to spend and how much you expect to save by protecting yourself.
Our experts have tried and tested all 47 antivirus programs available today. And while most of them offer adequate protection against most malware and viruses, not all of them offer good enough anti-spyware protection against phishing attacks.
That’s why we’d recommend investing in a powerful antivirus that comes with a firewall to block malicious attacks, as well as making sure that these programs are updated regularly. See our top ten suggestions here.
As with many types of phishing attacks, you can’t prevent some malicious emails from entering your inbox. They’re common junk mail. You certainly can, however, learn to tell right from wrong and know what to do when you’re at risk.
Phishing emails might…
Voice phishing, also known as “vishing,” is a phishing attack via telephones and Voice-over-IP services.
Vishing can take many forms, but some common examples are: