How to Protect Yourself from Phishing Emails


The internet’s a great place to be in general. For some, it’s where all their work happens. For others, it’s a place to meet up with friends in the digital space and get involved in a little banter over an old photo on social media or do a little online gaming. And for others, the internet’s a haven of unsuspecting victims who they can con into handing over money, personal information, and other sensitive data.

Things just escalated rather quickly, didn’t they? To be honest, that’s just us going a little meta into the subject matter because that’s how quickly it can all go from being fun and games to becoming a victim of a phishing scam if you’re not careful.

That’s not to say that it’s inevitable that this will happen. If you’re careful online and keep your wits about you, you probably won’t end up a victim of a phishing con. Of course, that depends on how advanced some of these scams are. That’s why we’ll go further into the topic so that you can understand the phenomenon better. This way, you’ll learn how to protect yourself from phishing emails and be able to avoid these scams more successfully.

What Is Phishing?

Many might be asking what exactly the term “phishing” means in the first place. And yes, it is supposed to sound like the word “fishing” – it’s just a respelling of the word since it’s a different phenomenon that works on a similar system. Just like regular fishing, phishing works on dangling bait in front of the victim.

Scammers use phishing tactics in order to get something from you which you wouldn’t otherwise hand over willingly, like money, access to your device or accounts, or your personal and other sensitive information. They do this by pretending to be a person or organization that you think you can trust. It all works on social engineering tactics, where victims are psychologically manipulated into performing certain actions or divulging information.

By far, the most common type of phishing occurs in the form of phishing emails. We’re not sure why, but the likely reason is simply that email has been accessible and cheap for longer, although phishing now happens fairly often via social media and text messages, too. In a typical phishing email scam, a scammer sends out unsolicited emails to potential victims in order to gain precious information that they could use in a variety of harmful ways. Usually, scammers entice you to unwittingly click a malicious link in the email. These phishing emails can manifest in many forms, so let’s look at a few of the most common types.

Spear Phishing

This is probably one of the more dangerous methods of phishing, as scammers put more effort into spear phishing than they might with other types. Spear phishing is highly targeted – scammers perform research on you, the target, and customize their phishing emails with your name, position at work, your business phone number, and so on. This helps them to create a false rapport, leading you to believe that the spear phisher is legitimate – after all, how else would they get such information about you? By building trust, they’re more likely to get you to click a link and fill out information that gets sent to them, or to download a file attachment containing some pretty dangerous spyware.

Where do scammers get your information from if they don’t know you? Websites like LinkedIn and other social media sites are filled with your personal information that they can piece together. They’re also able to harvest data about you from people search websites.

Deceptive Phishing

By far, the most common type of phishing that exists is deceptive phishing, where a scammer poses as a legitimate company, sending you an email with the business or organization’s logo and what look like legitimate links. This is also called spray-and-pray phishing.

These emails deceive you into believing that your bank, for example, wants you to log in and verify your account. However, when you click the link, you’re directed to a spoof online banking login page – one which can look eerily similar to the real one. What happens when you log in? It goes nowhere, but your banking login details are now in the hands of a fraudster. Look out for lots of typos in the email, or brand logos that just look a little off. Also, look at the sender’s email address a little more closely and you’ll realize that your bank, or Facebook, doesn’t use that address to contact you. If you suspect you’ve received one, you can report the phishing email to the Anti-Phishing Working Group.

CEO Fraud

Also known as “whaling”, this kind of phishing email scam takes spear phishing to another level. If the first phishing email is successful, whalers go further by posing as someone in an organization’s network to gain important business information. CEO fraud, or whaling, is usually all about the long game. Fraudsters use a spoofed email to infiltrate the network and eventually work their way into the supply chain, often conning many people before getting out of there completely.

Click Carefully

It’s all about clicking online, but don’t go about clicking links on websites unless you completely trust them. More so, stop yourself from clicking links in emails unless you’re completely sure that you know the sender.

Use Firewalls and Antivirus Software

It’s imperative that you invest in good antivirus software. Such packages usually come with great firewall capabilities, too, which keep your device safe from intruders or attacks that may occur when you accidentally click an untrustworthy link.

Keep Track of Your Personal Information

Be aware of the personal information you put online. Increase privacy settings on your social media accounts to keep away prying eyes, and make sure not to give away compromising information on sites like LinkedIn. Look yourself up on Google and people search websites and see how easy it is to harvest your own information.
