Ever gotten an e-mail offer that seemed just a little bit too good to be true? Might’ve been a phishing attempt! These are everywhere and can come in many different forms.
So what’s phishing exactly, how can you detect it and how can you keep safe?
What is phishing?
Phishing (pronounced like fishing) is a type of cyberattack that tricks the user into trusting the source and revealing sensitive information. Fishing being the perfect analogy, the bait is a legitimate-looking site, e-mail or file and when you take a bite, your identity, banking information and much more can be revealed and stolen.
Some phishing attempts are incredibly obvious, others are super elaborate. Like with most types of malware, cybercriminals have become extremely well-versed in phishing and anyone can fall for it. To help you recognize and avoid it, we’ll take you through a couple of phishing types and give you tips on what to do if faced with them.
This is actually the most common type of phishing. A cybercriminal creates an e-mail containing stuff like attractive offers, legitimate-looking attachments or links and makes it appear as though it’s coming from a trusted source.
For example, it looks like it’s coming from your bank or your favorite retailer. The logo looks legit and the structure of the e-mail seems familiar, so you might get tricked into clicking on whatever clickable content is in it.
Unfortunately this exposes your device to malware that hands your data off to the hacker, who can decide what to do with it further.
SMS and social media phishing
Like the above example, you could be approached with lucrative offers or links via text messages or social media messages. Typically, the messages seem relevant to the user as they will be made to look like they’re related to apps or services you’re using.
Voice phishing attacks are schemes that appear as though they’re coming from a credible number. Normally, you’ll get a call about something related to credit cards or taxes to get you into a state of worry, leading you to disclose personal information on the phone.
Spear phishing, whaling and BEC
Spear phishing normally targets specific individuals within a company who are likely to have access to sensitive data. Spear phishers spend time collecting information they can use to reach out to the individual looking as trustworthy as possible. They’ll typically lead with something relevant, for example mentioning an upcoming company event, and make a seemingly legitimate request.
Whaling is a more elaborate form of spear phishing, which targets people in even stronger positions such as executives or high-value individuals. The ultimate goal is to get them to transfer financial or other sensitive information that can be used to compromise the entire business.
BEC, or Business e-mail compromise, is a specific spear phishing technique carried out via e-mail. While there are many ways this is done, most commonly you’ll see instances where the phisher poses as a CEO or similar executive, or as a lower-level employee in specific positions (e.g. sales managers or financial controllers).
In the first situation, the impersonator reaches out to employees requesting them to transfer certain files or pay invoices. In the second situation, the phisher takes control of the employee’s e-mail account and sends false instructions to other employees in order to obtain data and information from them.
What can you do?
There are many ways you can be aware and spot a phishing attempt. Here are some tips:
- Always check the sender’s address in your e-mails, even when they seem to come from a familiar source.
- In any instance where payment information is requested, be very, very careful.
- If you are receiving attachments you never asked for and definitely didn’t expect, better not click on them.
- Beware of content that transmits a sense of urgency (sales deals, urgent updates to login credentials, etc.).
- Bad spelling and grammar are usually a telltale sign of phishing.
- Links that look shortened (e.g. Bit.ly) or just suspicious in general - if you have a bad feeling, do not click on them.
- If you are receiving threats, you probably shouldn’t be clicking on anything in that message.
- Always examine first-time senders in detail.
- Block suspicious e-mail addresses, numbers and social media accounts.
- If you are receiving a coupon for free stuff… You aren’t.
- If you’re being asked to update your payment details by a service you use, such as Netflix, chances are it’s an impersonator.
Those are some of the ways to identify and prevent phishing attacks. However, sometimes phishers disguise themselves a little too well or a misclick happens and there you go - you’ve been exposed to malware.
This won’t happen if you invest in powerful protection software from the get-go, though. A good antivirus program like Bitdefender will keep you safe from becoming a victim of phishing scams. In fact, it will protect you from malicious attacks overall.
Be it your household or your business you’re concerned about, there are a bunch of different packages and options available, providing different kinds of cybersecurity services. That’s the only way you can ever really be sure you aren’t at risk of a digital attack.
Have you ever been targeted by phishers and didn’t know that’s what it was until you read this article? Many can relate. Protect yourself before it’s too late!