Phishing. No, it’s not a typo. If you’re looking for tips on where to cast off this weekend, you’ve come to the wrong place. But similar to how a fisherman lures his catch, phishing scams are tailored to reel you in.
These malicious attacks by fraudsters target your sensitive information, such as usernames, passwords, or bank account and credit card details, through social engineering techniques. Cybercrime is a huge problem, with the cost to organisations alone reaching $2.7 billion in 2018. Spam emails were the most widely used way of spreading malware last year, and phishing scams contributed a whopping 50% of all worldwide fraudulent attacks.
Essentially, phishing is a deceptive method used by cybercriminals to attempt to trick you into revealing your personal information to them. It’s hugely popular amongst hackers because masquerading as trustworthy sources to obtain sensitive information is much easier than attempting to break in and steal it themselves.
Phishing scams generally target victims through their emails, often posing as legitimate sources such as banks, employers or other account holders. They may contain malicious links to cleverly disguised fake websites, designed to extract sensitive information or trick the user into downloading malware onto their own computer.
Let’s say you get an email from your bank. Or you assume it’s from your bank; the email looks legitimate and similar enough in design to past correspondence. The email says you have an urgent issue to deal with on your account; maybe it suggests there’s been a security breach and you need to log in and deal with it immediately via the link provided. The link redirects to a login page that looks similar to the bank’s own website.
But all is not as it seems – both the email and webpage are cleverly designed clones. They belong to the hacker and, once the ‘login’ is used, so does your bank information. This is a classic example of a phishing scam. Although banks have been forced to change their communications to customers to combat this, such as never asking for passwords via email, social engineering attacks are vast and constantly evolving. So, let’s take a look at what you need to look out for and some tips to avoid falling foul of phishing techniques.
• Poor Spelling / Grammar
One common characteristic of phishing emails is that they’re badly written. This is likely because English isn’t the first language of the hacker, or that spelling mistakes don’t flag up on spam filters and therefore allow the email into your main inbox.
• Phishing Lingo
Look out for commonly used phishing email topics or phrases. Emails that ask you to ‘verify your account’ or ‘confirm your identity’ should always be treated cautiously. If an email requires the input of login details of any kind, it’s worth telephoning the alleged sender to validate the request’s authenticity. They will confirm whether or not you should have received any type of communication.
• Hyperlink and URL Inconsistencies
Another giveaway of fraudulent content can commonly be found in the hyperlink. Obviously, if the hyperlink looks different to the usual web address of the sender, this should raise alarm bells. But sometimes the hyperlink text may be identical to the URL of the impersonated body. To check the authenticity of a link, hover your mouse over it and the computer will display a preview of the URL the hyperlink actually points to. If the previewed URL is different to what the hyperlink says it is, this is a serious indicator the link may be a scam.
• “Warning: Urgent Email, Immediate Action Required!”
Any email written with a sense of urgency should be treated as suspicious. An immediate call for action, possibly accompanied by warnings about account breaches or security threats, is a common feature of phishing scams designed to panic and rush victims into not properly considering the context and authenticity of the request. Ask yourself: if it was really so serious and urgent, would the sender not look for a more direct form of communication? Take your time and remain sceptical.
• You’ve Won!
This one is fairly obvious. Emails congratulating you on miraculously winning something you haven’t entered are, unfortunately, very likely a phishing scam. Any free gifts or prizes should be avoided like the plague.
• Donation Requests
As the old saying goes, a friend in need is a friend indeed. But be warned, phishing scams can play into this mindset of being a good Samaritan. Calls for financial help, perhaps due to illness or an unforeseen emergency, are designed to sound desperate and tug on the heart strings. However, in reality it’s all a hoax and sending money will only profit the scammer.
As we’ve discussed, there are some common themes and characteristics that run through a lot of phishing scams. Being aware of them can help identify fraudulent attacks when they occur. But for round-the-clock protection from phishing scams and malware, we suggest you follow these simple top tips.
We hope this blog post on phishing scams has been helpful. If you’re concerned about cyber security or simply want to find out more, please don’t hesitate to get in touch.
Matthew is Secura's content specialist, producing gripping, emotionally complex, edge of your seat, cloud hosting articles and videos.