What is Phishing?
Phishing is a type of social engineering scam in which a criminal poses as a legitimate institution, such as a bank or service, and attempts to obtain sensitive information from a target victim. It is most commonly hidden in a fraudulent email, but it can also be via text message, website, or phone call.
If the victim "takes the bait", the criminal will use malicious links, attachments, or simple instructions to obtain sensitive information such as:
Bulk phishing, also known as deceptive phishing, is the most common type of phishing attack. Cybercriminals send out fraudulent messages in bulk that make false claims, such as that you've won money, that you're eligible for a refund, or that your account is delinquent and action is required. They send the same email to a large group of people, knowing that at least a few will become victims of identity theft.
Spear Phishing: The executors of spear phishing will do their homework. To increase their chances of succeeding, cybercriminals gather as much personal information about their potential victim as possible. Then they use it to craft a message that appears particularly legitimate in order to lower the target's guard.
Whaling Attack: A type of spear phishing attack in which the attacker targets a company's executives and attempts to steal their login credentials. If successful, criminals will be able to steal from the company or impersonate the executive in order to defraud other company employees.
Clone Phishing: This type of phishing is especially deceptive and can be difficult to detect. The attacker duplicates the contents of a legitimate message that the target has already received and replaces the original links in the message with malicious ones that lead to a bogus website. To succeed, the cybercriminal must already have the victim's login credentials in their possession.
Detecting and Avoiding Phishing Scams
Though cybercriminals will go to great lengths to make a message appear authentic and official, many phishing emails have detectable characteristics.
If you receive a message that contains any of the red flags listed below, do not follow its instructions, click its links, or download its attachments. Instead, contact the alleged sender of the email and inquire about the message's authenticity.
Phishing scams rely on deception, so being aware of common scam features can mean the difference between being victimised and not being victimised. Avoid phishing by keeping the following in mind:
Common Phishing Email Characteristics
Errors in spelling and grammar: This is the most common way to determine whether or not you have received a fraudulent message. Rarely will an institution or company, particularly a bank, send you an email with spelling or grammar errors.
The message requests personal information: Any email requesting login information or personally identifiable information should be confirmed with the organisation directly.
The message is extremely urgent: If you receive an unexpected message offering a deal but only if you act now, it's most likely a scam. Err on the side of caution and call the institution for verification, especially if the message threatens to close your account.
The offer appears to be too good to be true: The old adage holds true here as well as anywhere else. Emails claiming you've won anything or that you're being refunded for a purchase you never made are dangerous. These should be ignored.
The sender's email appears suspicious: Slight variations in email addresses that attempt to look authentic but fall short are common. For example, you may bank with a company that sends emails from "email@example.com," but you receive one from "firstname.lastname@example.org." They may also attempt to change a single letter or character in the email address in the hope that the target will not notice.
Unexpected attachment: If you receive an email from an unknown sender with an unexpected attachment, do not click or download it. A scammer may have sent you a malware or ransomware attack in order to steal your information or take control of your machine.
Hyperlinks from unknown senders: Malicious links can be easily disguised with text that makes them appear harmless. Hover your cursor over the link to see where it actually leads; if you can't, don't click it. Instead, take steps to confirm its authenticity.
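The two address-level red flags above, a sender domain that differs from a trusted one by a character or two and link text that names a different site than the link's real destination, can be checked mechanically. The following Python script is an added example written for this page, not code from the original article; the trusted domain, the sender address and the HTML snippet are constructed sample values.

```python
import re
from urllib.parse import urlparse

# Trusted sender domains for this illustration (constructed; a real deployment
# would load the organisation's own allow-list).
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed sample message exhibiting both red flags discussed above.
SAMPLE_FROM = "alerts@examp1ebank.com"
SAMPLE_HTML = ('<p>Your account will be closed. Verify now: '
               '<a href="http://login-verify.example.net/x">https://examplebank.com/login</a></p>')

ANCHOR_RE = re.compile(r'<a\b[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_IN_TEXT_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot single-character look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain_flags(from_addr: str) -> list:
    """Flag a From: domain that is close to, but not identical to, a trusted one."""
    domain = from_addr.rsplit("@", 1)[-1].lower()
    return [f"sender domain '{domain}' resembles trusted '{t}'"
            for t in TRUSTED_DOMAINS if domain != t and edit_distance(domain, t) <= 2]

def link_flags(html_body: str) -> list:
    """Flag links whose visible text names a different host than the real href,
    i.e. what a reader would notice by hovering over the link."""
    flags = []
    for href, text in ANCHOR_RE.findall(html_body):
        real_host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT_RE.search(re.sub(r"<[^>]+>", "", text).lower())
        if shown and shown.group(1) != real_host:  # plain "Click here" text is not flagged
            flags.append(f"link text shows '{shown.group(1)}' but points to '{real_host}'")
    return flags

def scan(from_addr: str, html_body: str) -> list:
    """Combine both checks; an empty list means no red flags were found."""
    return sender_domain_flags(from_addr) + link_flags(html_body)

if __name__ == "__main__":
    for flag in scan(SAMPLE_FROM, SAMPLE_HTML):
        print("RED FLAG:", flag)
```

Link text that contains no domain at all (for example "Click here") is not flagged by this check, which is why hovering to inspect the destination remains necessary.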
Something isn't right: Follow your instincts. If you receive an email and something just doesn't feel right, you're probably right. It never hurts to double-check authenticity, but it can hurt to disregard your first instinct and treat the email as legitimate.
Additional preventative measures include spam detection from your email service, browser settings that can be configured to display a warning before entering a potentially dangerous site, and maintaining a diverse set of passwords that you change on a regular basis.
Disclaimer: The information is provided solely for general informational and educational purposes and is not intended to be a substitute for professional advice. As a result, before acting on such information, we recommend that you consult with the appropriate professionals.