You must have come across the term “phishing attack” at some point. Phishing is a cybercrime in which the target is contacted by email, text message or phone, most often by somebody posing as a reputable organization. In most cases, the attacker lures the victim into providing sensitive data such as bank account details, credit card numbers or passwords.
Once attackers obtain the information they need, the result can be identity theft or money missing from the victim’s account. Phishing dates to the 1900s and remains a menace to this day.
Exactly a month after tax day, the Internal Revenue Service warned people that scammers were sending fake emails to taxpayers asking for the recipient’s email username and password. This way, they would steal personal data and use it in fraudulent activities. There had been attempted attacks in Illinois, New Jersey, North Carolina, and Iowa.
So what are the common phishing attacks and how should you avoid them?
- Deceptive phishing
Deceptive phishing is one of the most widely recognized types of phishing. It is any kind of attack where the attackers pose as legitimate, trusted organizations to obtain confidential information from unsuspecting people.
They craft their messages to create a sense of urgency, so that recipients panic and do what the hackers ask them to do.
For example, you could get an urgent email from ‘your bank’ telling you there has been a security breach and that they need your account details. The sad thing is that the link provided may lead to a phony bank login page that captures the victim’s details and sends them to the hackers.
How to avoid:
Whether on a business level or a personal level, check that every URL in the message is legitimate and does not lead to a suspicious-looking site.
Pay attention to spelling errors and non-specific greetings throughout the email. Such attentiveness helps protect you and your organization from phishing attacks.
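One way to automate the URL check described above, as an added example that is not part of the original article: this Python script pulls every link out of an HTML email body and flags links that are not HTTPS, that point outside a trusted-domain list, or whose visible text names a different domain than the real destination. The `TRUSTED` set, the helper names and the sample email are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bank.example"}  # assumption: domains your organization really uses

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(s):
    """Hostname of a URL or bare domain string, '' if it does not parse as one."""
    try:
        return urlsplit(s if "://" in s else "//" + s).hostname or ""
    except ValueError:
        return ""

def trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_links(html):
    """Return {href: [reasons]} for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        host, shown = host_of(href), host_of(text.strip())
        reasons = [] if href.lower().startswith("https://") else ["not an https link"]
        if not trusted(host):
            reasons.append("domain not in trusted list")
        if "." in shown and shown != host and not (trusted(shown) and trusted(host)):
            reasons.append("visible text names a different domain")
        if reasons:
            findings[href] = reasons
    return findings

SAMPLE = """<a href="http://bank.example.account-verify.test/reset">www.bank.example</a>
<a href="https://www.bank.example/help">Help centre</a>
<a href="http://203.0.113.7/login">Click here</a>"""  # constructed email body
```

Calling `check_links(SAMPLE)` flags the first and third links and leaves the genuine help link alone; note that the first link starts with the bank's name but actually belongs to a different domain.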
- Spear phishing
Unfortunately, there is another type of phishing that is even more worrying than the deceptive one. Here, scammers personalize their attack emails using the victim’s name, company contacts and company position. Such emails are designed to convince the recipient that they have a connection with the sender.
Spear phishing is possible because attackers can find this information on sites such as LinkedIn and use it to craft an email that you may fall victim to.
How to avoid:
People should avoid publishing sensitive information on social media, where anyone can quickly get access to it.
Companies should hold seminars to educate employees about phishing. They should also invest in tools or software that can pick up malicious emails.
- Pharming
Also known as “phishing without a lure,” it is a scamming practice where malicious code finds its way onto your PC or server and redirects people to fraudulent sites without their knowledge.
One form is domain name system (DNS) poisoning, where the DNS table in a server is altered so that people think they are accessing a trusted site but, in reality, are redirected to a malicious one. Victims end up on malicious sites without even noticing.
DNS servers are what translate site names into IP addresses. Attackers focus on the DNS server and change the IP address associated with a trusted site, which lets them divert people to fraudulent websites.
There, people unknowingly give out their personal information, making them victims of identity theft.
How to avoid:
Always ensure that before giving out any information, the site is using HTTPS.
Verify the digital certificate of the website and ensure that the site is using a secure certificate. To do this, go to the browser properties menu and click “certificate” to verify.
Keep your operating system and browser updated to avoid exploitation by scammers. For any PC-related issues, TechLoris can help you get them sorted.
- CEO Fraud
It is common for phishers to target top executives in a company, which is also known as whaling. Again, they aim to get the executives’ personal information so that they can then request information from the rest of the employees, which puts the entire firm at high risk.
Consider a scenario where your boss asks for some company data: you will automatically comply without question. This could lead to substantial financial losses.
How to avoid:
Everybody should attend security awareness training (because we all know some managers skip them and let the subordinates attend) and install software that could help keep the company safe.
As an organization, there should be set rules and regulations to ensure that no sensitive information is sent via email. People should also be on the lookout for anything fishy when they receive emails and be extra cautious. With that, it’s easier to avoid phishing attacks.