- What Is Phishing and How Does It Work?
- Most Common Indications Of a Phishing Scam
- Phishing Email Scam – Actual Attachment and Messages
- How To Be Safe If You Have Been Through a Phishing Attack
- Types Of Phishing Attacks
- Tips To Avoid Phishing Attacks
- How You and Your Team Can Learn to Counter Phishing
- Why You Should Report Phishing Attacks
Phishing is one of the most common forms of cybercrime affecting both individuals and companies. These scams typically use deceptive messages designed to extract personal information from the victim, such as usernames, passwords, or account and identification numbers.
What Is Phishing and How Does It Work?
Phishing is the impersonation of a trusted organization or person in order to obtain credit card numbers or other sensitive details. It mainly takes place through email or text messages (SMS phishing, or smishing), and sometimes through a fake website.
In a typical phishing attack:
- The victim receives a message, usually by email or text, that appears to come from a genuine organization or contains an apparently genuine website link.
- The message contains an instruction intended to prompt an action, typically clicking a link or downloading an attachment.
- Once the link is clicked, the user is taken to a replica of the real site, or malware is installed on the victim’s device.
- The user is asked to enter personal details (for example, usernames, passwords, or credit card numbers), which the attacker collects.
Why Phishing Is Effective: Phishing works by exploiting basic human emotions: trust, urgency, and fear. For example, the attacker may pose as a bank official warning that your account must be blocked because of unusual transactions, or as a colleague in distress. By pressuring victims, attackers push them to decide and act impulsively without considering the consequences.
Most Common Indications Of a Phishing Scam
Phishing attempts can be convincing, but there are several telltale signs to look for:
- Generic greetings: An email that opens with a general salutation such as “Dear Customer” rather than your name may be a phishing email.
- Urgent or alarming language: Messages that press for immediate action typically contain phrases like “your account has been hacked” or “payment overdue”.
- Suspicious email addresses or URLs: Scammers alter a legitimate address by one or two characters, for instance Info@bankofarnerica.com instead of Info@bankofamerica.com. If you hover the mouse cursor over a link, the URL shown may point to a site that does not belong to the organization the link claims to represent.
- Poor spelling and grammar: Phishing messages usually contain grammatical errors or at least misspellings. Legitimate senders are not always perfect either, but phishing messages tend to be noticeably sloppier.
- Unsolicited attachments or links: A message that arrives with an attachment or asks you to click a hyperlink for no prior reason is a typical phishing message.
- Too good to be true offers: If the message announces a prize, a lottery win, or some other benefit that seems highly improbable, it is likely a scam.
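As an added illustration of the address and link indicators above (this is example code written for this page, not code from the original article), the following Python script scans a constructed sample email for three checks: link text that names one site while the link actually goes to another, a host that is a one-or-two-character lookalike of a trusted domain (the bankofarnerica.com trick), and links that do not use HTTPS (the check discussed under the tips below). The trusted-domain list, the homoglyph table, and the sample email are all assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list: the domains the reader actually banks or shops with.
TRUSTED_DOMAINS = {"bankofamerica.com", "paypal.com"}
# Character swaps commonly used to build lookalike domains (rn looks like m, etc.).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]
# Simple anchor matcher for the constructed sample (a mail client would use a real HTML parser).
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})")

def normalize(host):
    """Undo common visual substitutions: 'bankofarnerica.com' -> 'bankofamerica.com'."""
    host = host.lower()
    for fake, real in HOMOGLYPHS:
        host = host.replace(fake, real)
    return host

def registrable(host):
    """Keep the last two labels (naive: ignores multi-part suffixes such as co.uk)."""
    return ".".join(host.lower().split(".")[-2:])

def check_links(html):
    """Return (href, reason) for every link that shows one of the indicators above."""
    findings = []
    for href, raw_text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", raw_text).strip().lower()
        host = registrable(urlparse(href).hostname or "")
        # Indicator 1: the link text names one site but the href goes somewhere else.
        shown = DOMAIN_RE.search(text)
        if shown and registrable(shown.group(1)) != host:
            findings.append((href, f"text says {shown.group(1)}, link goes to {host}"))
        # Indicator 2: the host is a near-copy of a trusted domain but not the real one.
        if host not in TRUSTED_DOMAINS and normalize(host) in TRUSTED_DOMAINS:
            findings.append((href, f"lookalike of {normalize(host)}"))
        # Indicator 3: personal details entered on this page would travel over plain http.
        if urlparse(href).scheme == "http":
            findings.append((href, "not https"))
    return findings

# Constructed sample: a genuine link, a lookalike domain, and a mismatched link text.
SAMPLE_EMAIL = (
    '<p>Sign in at <a href="https://www.bankofamerica.com/login">bankofamerica.com</a></p>'
    '<p>Secure your profile <a href="http://secure.bankofarnerica.com/verify">here</a></p>'
    '<p>Update <a href="http://login-update.example.net/pp">www.paypal.com</a></p>'
)
```

Running `check_links(SAMPLE_EMAIL)` flags the second and third links (lookalike domain, mismatched link text, and plain http) and leaves the genuine bank link alone.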
Phishing Email Scam – Actual Attachment and Messages
Let’s explore some real-world examples of phishing emails to help you identify them:
Example 1: Fake Bank Alert: An email claiming to come from your bank warns that suspicious activity has been detected on your account and offers a link to log in and “secure your profile.” The link leads to a phishing site that duplicates your bank’s login page, and the attacker controls that site and captures whatever you enter.
Example 2: African Letter Fraud: You receive a message saying you have won a lottery and must send money to cover the courier costs of delivering the winnings. The message contains a link that, if clicked, leads either to your information being harvested or to malware being downloaded.
Example 3: Payroll Scam An email that appears to come from your HR department asks you to log into the payroll system to update your banking information. This fake login page is actually set up to steal your work credentials and sensitive financial details.
How To Be Safe If You Have Been Through a Phishing Attack
If you realize that you’ve fallen victim to a phishing scam, immediate action is crucial to limit the damage:
- Don’t panic, but act quickly: Staying calm lets you think through the best action to take after you have been attacked.
- Change your passwords: If you entered your login details on the phishing site, change the passwords of all affected accounts immediately. Each new password should be strong and different from the passwords on your other accounts.
- Enable two-factor authentication (2FA): Where possible, enable 2FA on all of your accounts. This adds a further layer of security even if a password has been stolen or exposed.
- Contact the affected institution: If you disclosed bank or credit card information, report it to the bank as soon as possible. This helps prevent fraud and allows the affected accounts to be suspended or closed.
- Check your credit reports and bank statements: Review your credit report and statements for discrepancies. If necessary, place a fraud alert on your account.
- Run a malware scan: If you were tricked into opening an email, clicking a link, or opening an attachment, make sure your computer or device is not infected by running a full antivirus or anti-malware scan.
- Report the phishing attempt: Forward a copy of the original phishing email to your email provider and to the company being impersonated, especially if you are a business email user. Most institutions have a dedicated reporting address for phishing, for example phishing@company.com.
Types Of Phishing Attacks
Phishing comes in many forms, each using different tactics. Being aware of these differences helps you recognize when you are being targeted.
- Email Phishing: The most widespread and easiest form of phishing, in which criminals send messages that resemble those from companies, organizations, or people you may know. These emails contain links or attachments designed to capture your information.
- Spear Phishing: A more targeted form of email phishing that focuses on particular individuals or organizations. These attacks are typically well researched, and the messages contain details relevant only to the target to make them more plausible. For instance, an attacker might use your name, workplace, or other personal details to make the email look authentic.
- Whaling: A subtype of phishing that targets high-ranking officials such as top executives or senior management, often referred to as whales. These attacks pose a greater threat because the attackers are after the organization’s data, business, or financial information. Whaling emails are usually framed as urgent messages from the chief executive officer or another director, which makes them particularly risky.
- Smishing (SMS Phishing): Text messages sent to victims to get them to click a link or divulge personal information. These messages may appear to come from a familiar source, for example your bank or a delivery company.
- Vishing (Voice Phishing): Attackers call you by phone, posing as a trusted organization such as a bank or the Internal Revenue Service, and try to get you to reveal your identity details or send them money.
- Clone Phishing: The attacker makes a copy of a genuine email previously sent by a friend, associate, or other trusted person and modifies it to include malicious links or attachments. The biggest risk is that, because the email is a copy of a previous one, the user cannot tell it is illegitimate.
Tips To Avoid Phishing Attacks
While phishing attacks can be difficult to avoid entirely, there are several proactive steps you can take to minimize the risk:
- Verify the Source: Always check the sender’s email address or phone number, especially when the message is unsolicited or marked as very urgent. Do not respond to unexpected messages on social media accounts, especially those that claim to have an urgent matter with you or ask for personal details.
- Avoid Clicking Links in Emails or Texts: Rather than following a link embedded in an email or text message, type the organization’s website address directly into your browser. This ensures you are on the genuine site and not a fake one created by phishers.
- Be Skeptical of Unsolicited Attachments: Do not open any picture or file you receive by email or SMS unless it is from a trusted friend or family member and you were expecting an attachment from them; delete it instead. Files that seem harmless may contain a virus or other malware.
- Keep Software and Systems Updated: Keeping your operating system, browsers, and antivirus software up to date is essential. Updates include fixes for newly discovered security holes that phishers could otherwise exploit and that antivirus applications would otherwise struggle to handle.
- Use Strong, Unique Passwords: If a phisher manages to obtain your password, reusing one password everywhere makes all of your accounts vulnerable. Create a different password for each account; a password generator can help with this.
- Check for HTTPS: Whenever you enter personal details on a website, make sure the web address starts with “https”. The “S” stands for secure and means the site encrypts your data in transit. Note that HTTPS only protects the connection; a phishing site can use HTTPS too, so this check is necessary but not sufficient on its own.
- Be Wary of Pop-Up Windows: Pop-up windows are sometimes used to ask the user for sensitive information. Reputable organizations rarely request personal details through pop-ups. If you encounter one, close the page and navigate to the organization’s website yourself.
How You and Your Team Can Learn to Counter Phishing
These threats are real, especially in an age where protecting personal and business data is more important than ever. You and your team need regular refreshers, and it is wise to stay informed and educated on how to avoid falling for phishing attacks.
- Phishing Simulations: Many organizations run mock phishing exercises to teach employees how to recognize a likely scam. These controlled exercises expose users to realistic phishing scams and show them how to protect themselves.
- Cybersecurity Training: Take classes or, when none are available, watch webinars to keep up to date with current phishing trends. Such resources often offer detailed descriptions of present-day threats and clear instructions on how to avoid them.
- Stay Updated on Current Scams: Attackers never run out of ideas, and the same is true of their phishing schemes. Read cybersecurity articles or newsletters, or follow relevant accounts on social media, to learn about currently trending scams. Agencies such as the FTC or other government bodies responsible for cybersecurity publish information about ongoing phishing campaigns.
Why You Should Report Phishing Attacks
Reporting phishing attempts helps cybersecurity teams track scams and get them shut down. If you receive a phishing email or message:
- Notify Your IT Department: If the phishing message reaches your workplace or a work-related email address, forward it to your company’s IT or security team. They can block similar emails in future and warn other employees.
- Report to Authorities: As with other cybercriminal activity, many organizations and government agencies run reporting centers for phishing. In the U.S., you can report phishing to the Federal Trade Commission (FTC) or the Anti-Phishing Working Group (APWG).
- Forward to the Impersonated Company: Virtually all organizations today have teams that handle phishing reports. For instance, phishing scams related to PayPal should be reported to phishing@paypal.com.
Making others aware of phishing attempts that have been seen also helps ensure the same attack cannot succeed again in the future.