What is phishing?
‘Phishing’ is a term that emerged during the 90s and is used to describe cyber attacks in which hackers attempt to quickly gain access to your personal data. ‘Phishing’ emails lure people in, getting them to take the ‘bait’, which consequently gets individuals and organisations into trouble. Keeping your personal or business information safe is vital. Keep reading to find the 4 main types of phishing attacks and how you can keep yourself protected online.
Why is phishing an issue?
Cyber criminals resort to phishing because it is easy, cheap and effective. Email addresses are easy to access, so sending seemingly innocent emails is a low-effort way of getting to people’s information. Often, phishing emails tell a story or use tactics that keep up with trends, like telling you to update your Netflix payments or claiming that they’ve noticed suspicious log-ins and activity. They trick people with links that will download malware or direct the receiver to a dodgy website.
Personal issues caused by phishing:
- Money stolen from your bank
- Credit card charges
- Loans & Mortgages opened in an individual’s name
- Wire transfers to attackers’ accounts
- Fake social media posts on a recipient’s account
- Lost access to photos, videos and documents
Phishing has evolved over time, creating different calibres of this cyber crime. There are 4 main types of phishing which you should be aware of, so you know how to protect yourself and your organisation.
Different types of phishing to look out for
Email phishing is a general term for attacks carried out via email, which are the most widely known form of phishing. Attackers are generally looking to steal account credentials, personal information or confidential company information. Unfortunately, phishing scams can be hard to spot if you are unaware of what they might look like. Some things to look out for in potential email scams:
- An email without a recipient name (‘Dear customer’)
- Grammatical mistakes
- Asking to reset account information/update bank credentials
- Unfamiliar tone
- A sense of urgency (immediate action required, act now)
Attackers will usually use the same phrasing and logos as organisations or businesses to make their scam attempt seem legitimate. Most companies will not use an email to ask you for sensitive information, so be wary.
It’s important to be cautious of emails that are asking for money or looking for sensitive information. You can’t be hacked by simply opening an email, so if you suspect that you have received a phishing email, be sure not to open any of the links or divulge any personal information.
Vishing & smishing
Phone scams, known as ‘vishing’ or ‘voice phishing’, are another attempt at getting people’s credentials and sensitive information. These socially engineered attacks are aimed at gaining personally identifiable information. Vishing has recently become one of the more common types of scams, alongside phishing.
Vishing calls are usually vague enough to be real, tricking people into revealing their details. These are some common vishing tactics:
- Verifying a credit card charge
- Extended warranty calls
- Bank account information
- Your computer has been compromised and requires tech support
- You have won or are eligible for something you didn’t request
Vishing can take more forms than these examples, so be cautious with phone calls where you are being asked for personal information.
Smishing is a similar concept, using SMS messages to attack individuals. These SMS messages will look as though they have come from a legitimate business, such as your bank, asking for verification or other details. Another common tactic is to use the names of delivery services, such as UPS or Royal Mail, often providing a malicious link or asking for verification of bank credentials.
Whaling is a term for more specifically targeted attacks. This is a type of CEO fraud, where attack messages are typically sent to high-profile employees of a company to trick them into thinking the CEO or another executive has requested money.
Threats of phishing to businesses:
- Loss of corporate funds
- Exposed business information
- Exposed employee information
- Decreasing the company value
- Damage to the business’ reputation
Whaling is considered another method of phishing; however, instead of using large corporations as a cover, attackers act as the CEO of the targeted business. They usually address the targeted individuals specifically, making these encounters trickier to detect.
Spear phishing is another type of cyber attack to look out for. These are attacks designed to target one individual or a specific organisation, usually for the purpose of stealing data, although sometimes the intent is to install malicious software on a target’s computer. Targeted emails are often more specific to the individual. Cybercriminals use individually designed approaches to target high-ranking people, such as top executives.
Targeted phishing attacks are carried out by using information from social websites and media to create a sense of familiarity with the target. This can make them more difficult to pick up on, so business organisations should be aware of this threat.
How can I protect myself?
There is not one set way to prevent phishing attacks; however, there are things you can do to protect your personal information. Some basic ideas to protect yourself are:
- Change your passwords regularly, every month or so, to reduce the likelihood of a password being guessed
- Install firewalls to block malware that hackers may be trying to damage your computer with
- Use email security, which can use AI scans to detect and quarantine phishing messages before they reach an individual’s inbox
- Avoid clicking on pop ups and links that might take you to a harmful website
- Be cautious with who you give out your bank credentials to
A few other things to do are, to back up all your data elsewhere, just in case you fall victim to a hacker, you still have access to
How can I protect my business?
The means of protection for individuals also apply to businesses, such as:
- Changing passwords
- Email security
- Keep your browser updated
- Avoid pop ups & links
- Pay attention to the content of emails or phone calls
- Multi-factor authentication – this is a good means of protection for both individuals and businesses. By requiring two or more credentials to log into an account, more security is set up around the account.
However, for businesses, it is also important to educate all employees with anti-phishing training. Making them aware of the problem and showing them how to recognise it and how to respond appropriately is crucial. Preventing phishing attacks starts with educating employees to reduce the chance of a successful targeted phishing campaign.
A phishing audit can be run by business owners to evaluate the effectiveness of training. Here at MailCleaner, we simulate email attacks to see how well or poorly employees react to a phishing attempt. Showing your employees how to respond appropriately in the case that a phishing tactic is successful will also help to reduce the severity of the attack. By testing employees, businesses can work out where further training needs to be implemented.
What if I’ve been phished?
If you have been a victim of a cyber attack, there are a few things to help you stay protected.
- Change compromised passwords – this will reduce the likelihood of a hacker gaining access to multiple accounts
- Check your devices for malware or viruses
- Call your financial institution – if your bank credentials are compromised, call your bank, have your accounts frozen and explain what has happened
- Report the incident – you can report phishing incidents online and to your local police department
What we do here at MailCleaner
Staying safe on the internet is of the utmost importance to us. Here at MailCleaner, we provide solutions for spam and security problems. Founded in 1995, we have been continuously committed to providing email security and anti-spam protection to ensure your personal information is secure.
You can visit our website to find out more about the products and services that we offer. You can also find more information about cyber security and staying safe on our website.