You may enjoy fishing, but be careful not to take the bait when it comes to the other type: phishing scams. Phishing is the deceptive practice of sending emails or messages disguised as legitimate organizations (or even friends, family, government agencies, etc.) to trick individuals into revealing sensitive information, and it is a serious threat in our digital age. It is estimated that 3.4 billion phishing emails are sent daily, and it continues to be one of the top 5 cybersecurity attacks. Learn about the different types of phishing and tips to help avoid falling victim to them.
Types of Phishing
Spear Phishing Think of Spear Phishing as a more precise and targeted attack designed to trick a specific person or company. Attackers will study and learn about an individual or company to craft messages with personalized content, looking to gain sensitive information or to get someone to perform an action – like transferring money.
Whaling Cybercriminals who perform whaling scams are looking to catch their own ”big fish”. These attackers focus on C-level executives, celebrities, and high-net-worth individuals or organizations.
Smishing Phishing scams aren’t limited to emails. Smishing uses SMS (text messages) to reach victims. This type of phishing tends to rely on a sense of urgency, trying to get individuals to not overthink and act quickly.
Vishing If emails and text messages aren’t enough to watch out for phishing, voice messages are also being used by threat actors. These phone and voice-based attacks try to deceive individuals into giving sensitive information or data over the phone.
Whether watching your text messages, emails, or phone calls for phishing scams, you can use these simple and effective techniques to protect yourself and others:
Stay Alert and Recognize the Signs Remember: if it looks phishy, it probably is. Check the email address or contact information for errors. They could look similar, but if it is a phishing attempt, they wouldn’t be exact matches. For example, using a “1” instead of an “l” in an email address is a common tactic. Check the rest of the email as well for grammatical errors including misspellings or awkward phrasing.
Resist the Temptation - Don’t Click If you have a bad feeling or think the message is potentially a phishing scam, it is better to play it safe than sorry. Don’t download attachments or click on links.
Report and Delete If you think you have a voice, email, or text message that “stinks” make sure to report it and delete it. In a work setting, it is imperative to let your IT department know and allow them to investigate the message. If it is in a personal setting and you are unsure, you can always check in with the organization that is referenced in the message by using contact information directly from the company or organization's webpage.
Phishing scams will continue to evolve and get trickier every day. You are your best defender when staying safe online - proceeding with caution when you are unsure of a message is the best course of defense. If you think it is suspicious - it probably is!
Comments