Spam emails and texts are an ever-evolving annoyance. Filters and other methods of blocking spam are constantly being developed, but the spammers simply improve their own methods in response. These messages run the gamut from pointless to predatory, and among the latter are “phishing” messages.
What Is a Phishing Attack?
Phishing is a specific type of scam. Usually, it takes the form of emails or texts, but it can also take the form of phone scams, or can be conducted via other methods. The primary goal of a phishing scam is to trick the victim into providing the scammer with valuable private information, such as credit card numbers, passwords, or social security numbers. With that information, the scammer can either steal money directly or steal your identity.
How Does Phishing Work?
A phishing scheme will usually involve a call-to-action for the target. This call-to-action often asks the victim to reach out to the scammer, or redirects the victim to a different webpage. It is normally baited with an appealing offer or an urgent issue that the scammer says the target needs to address. The scammer will often be very convincing because they commonly use social engineering techniques. Any links or webpages that they try to redirect the victim to may also look very legitimate, or even be a dummy site imitating a more well-known website, such as in the case of the Google Docs phishing scam. These websites may prompt the victim to input information, such as logins, passwords, social security numbers, or bank information, or they may use phishing software to steal it more directly.
Scams continually evolve as people get savvier to the methods cybercriminals use. Many are still very easy to identify, but scammers are getting better at making their cons appear to be legitimate offers or opportunities. As such, it is helpful to be informed about slightly more advanced methods of recognizing them, and what tricks they often employ.
Types of Phishing
There are many different types of phishing. Some of them, such as “vishing” (voice phishing) or “smishing” (SMS phishing), are defined by the medium that they use. Others are distinguishable by the tactics that they employ. For example, “spear phishing” is a more specific, individualized phishing scam, directed at a single person or company. “Whale phishing” or a “whaling attack” is a type of spear phishing that is tailored to trick a person who has particularly valuable personal information, such as a company executive.
How to Prevent Phishing Attacks
As discussed, it is possible to identify and avoid phishing attacks, even as they become more sophisticated. It is also important to keep in mind that even an experienced user could easily fall prey to these scams.
Learn to Spot the Signs of Phishing
Some more obvious signs of phishing (or any scam, really) are poor spelling, weird formatting, or clearly odd-looking links. However, these tell-tale signs are not always present, especially in the case of more personalized attacks. Red flags are still usually there, just far more subtle.
For instance, the reputation of a well-known site (e.g. the IRS, Google, WebMD) may make a phishing scheme more convincing, and consequently, cybercriminals often create duplicates of such sites. However, a domain name cannot be copied exactly, so phishing websites often have similar domain names (like “iirs.com”) that are not exactly the same as the real one.
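The near-match check described above can be automated. The following is an added example, not part of the original article: it compares a link's domain against an assumed allowlist (the real domains of the sites named above) and flags names within one character edit of a trusted one. The function names, the allowlist and the sample links are constructed for illustration.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Assumed allowlist for this example: real domains of the sites the article names.
TRUSTED = {"irs.gov", "google.com", "webmd.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca with cb
        prev = cur
    return prev[-1]


def registrable(url: str) -> str:
    """Last two labels of the host. Simplification: ignores suffixes like co.uk."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(url: str, max_distance: int = 1) -> tuple[str, str | None]:
    """Return (verdict, trusted domain that the link matches or resembles)."""
    domain = registrable(url)
    if domain in TRUSTED:
        return "trusted", domain
    name = domain.split(".")[0]
    for good in sorted(TRUSTED):
        # Same or nearly the same name, but not the exact trusted domain.
        if edit_distance(name, good.split(".")[0]) <= max_distance:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links; "iirs.com" is the article's own example.
    for link in ["https://www.irs.gov/refunds", "http://iirs.com/refund",
                 "https://g0ogle.com/docs", "https://example.org/"]:
        print(link, "->", classify(link))
```

Short names such as “irs” sit within one edit of many unrelated strings, so a “lookalike” verdict is a prompt to inspect the link, not proof of phishing.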
Other red flags include particularly pushy or urgent warnings and offers. “Overdue payments” or “expiring offers” are common types of bait used for phishing scams, because scammers may be more successful if the victim thinks it is an urgent issue. It gives the victim less opportunity to scrutinize and investigate the validity of the request. It is also cause for concern if the messages appear to be coming from a personal email account (such as a Gmail account) rather than one with a company email address.
Secure Your Information
For anyone who is concerned that they may not be able to identify a phishing attack, doesn’t want to always be on guard, or just wants to create every possible hurdle for scammers, something important to keep in mind is the scammers’ end goal: your information. If they cannot get access to that, they have lost.
One way to help prevent phishers from getting your information is to adopt good practices about not sharing valuable personal information. However, even this option has its pitfalls, such as situations where phishing software is being used to steal information. Another option to consider is an app like MySudo, which provides its users with unique identities to use online. Each profile even comes with its own individual phone number and email to use instead of your own. Using these profiles, a user can ensure that even if someone does steal their information, it was never their personally identifiable information to begin with.