Phishing scams have become a real problem in the past few years, and there is no sign they will stop. The reason is obvious: they are an effective way for hackers and cybercriminals to find victims and make enormous profits.
Truth be told, phishing scams have been around almost as long as the internet itself, and cybercriminals have gone out of their way to perfect their techniques ever since. Fortunately, so have those fighting against them. This guide will give you an insight into what phishing actually is and what you can do to keep your personal information safe from cyberattacks.
What is phishing?
Phishing is the hackers’ attempt to make users willingly, but unknowingly, hand out personal information, such as credentials, credit card numbers and bank details. Basically, it is a form of identity theft.
A report done in 2017 found that the United States loses no less than half a billion dollars to phishing yearly, so it comes as no surprise that companies are going out of their way to warn users against revealing their credentials to anyone.
Hackers use events such as big data breaches, like the one at eBay in 2014, to trick customers into giving out their personal information. Back then, hackers sent emails to eBay users, advising them to change their passwords and directing them to a fake website that collected their credentials.
Keeping yourself informed about the latest phishing techniques will help you stay out of trouble and recognize any malicious emails or text messages you may receive. Companies usually send out warnings through various channels when such things happen, to inform their customers not to trust any of those messages. Also, make sure to check your online accounts regularly and report any suspicious activity you may discover. Payments, statements and other financial reports should be personally verified to make sure all purchases are valid.
Email seems to be the most common method
The most common way for hackers to harvest your data is by sending out what seem to be authentic emails from banks, governmental institutions or other companies. To make the emails look more authentic, they use the same branding, fonts and email formats as the real company and may even include contact details. Oftentimes, they also set up a fake website to back up their scam, which can look almost identical to the real one. The impressive attention to detail is what makes people fall for these scams.
But how do cybercriminals collect so many email addresses? They use multiple methods, such as illegally purchasing data, setting up fake subscription programs and sometimes even turning to data brokers – people who collect information about individuals and then sell it to others.
If you receive an email that claims to be urgent and private and asks for personal information, and you are unsure whether to trust it, check directly with the company for more information. They are usually aware of such scams and will have no trouble confirming whether or not these emails are valid.
Messaging apps are not safe either
Smishing is a form of cyberattack which uses messages to try and convince victims to access certain links and then give away personal information. This seems to be the new phishing trend of 2019, as text messages don’t require that much attention to detail. Be careful, as hackers may also use other messaging apps, such as Facebook Messenger, Skype, WhatsApp and even Instagram direct messages.
The reason why these scams are so effective is that messaging apps don’t have the same level of security as emails do and users seem to be more likely to click on links received on those platforms, rather than emails.
In order to prevent this from happening, make sure to always check if the sender is who they claim to be. If you receive a text message from a company, you can go ahead and do a reverse phone lookup to see if the number is legitimate before proceeding to access any link or disclose any kind of information.
Be careful what files you open
Another popular form of phishing is called “pharming,” and involves tricking users into downloading malware that has been hidden inside what seems to be an important update or attachment. The user receives an email that sends them to a page similar or identical to that of a legitimate website, in the hope that they will not notice the difference and will download the malware. Oftentimes, hackers will send out emails that point to an attachment hosted on legitimate sharing services, such as Dropbox, Microsoft’s OneDrive or WeTransfer. These services do scan for malware, but not for malicious links, so the hacker will tell the victim they must first authenticate before viewing the file, which will lead them to a fake login page.
Never download any form of attachment if you are not absolutely sure of what it is or if you feel it might have come from an untrusted source. At the same time, if you are asked to log in to a certain page, using a password manager may be very helpful. A password manager will remember your passwords and only use them when you encounter a legitimate website. If the password manager does not recognize the website, you will not be able to enter your credentials, thus saving you from trouble.
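The refusal described above comes down to comparing the address a login was saved for with the address of the page asking for it. The following is an added sketch of that check, not code from any particular password manager; it assumes exact-origin matching, and the vault entry, function names and all URLs are constructed, using reserved .example and .test names.

```javascript
// Added example: exact-origin matching before offering a saved login.
// The vault entry and every URL here are constructed (reserved .example/.test names).
const vault = [{ site: "https://login.bank.example", username: "alice" }];

// Reduce a URL to its origin (scheme + host + port); null if it is not valid HTTPS.
function originOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null; // unparsable address: never fill
  }
}

// Saved entries whose origin is identical to the origin of the page being viewed.
function entriesFor(pageUrl) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === null) return [];
  return vault.filter((entry) => originOf(entry.site) === pageOrigin);
}

// "fill" when a saved login belongs to this page, otherwise "refuse".
function decide(pageUrl) {
  return entriesFor(pageUrl).length > 0 ? "fill" : "refuse";
}

const samples = [
  "https://login.bank.example/signin",                     // the real site
  "https://login.bank.example.verify-account.test/signin", // real name used as a subdomain
  "https://login.bank.example@files.test/signin",          // real name placed before an "@"
  "https://login.bamk.example/signin",                     // one-letter lookalike
  "https://login.b\u0430nk.example/signin",                // Cyrillic "a" in place of Latin "a"
  "http://login.bank.example/signin",                      // right host, no HTTPS
];

for (const url of samples) {
  console.log(decide(url).padEnd(7), url);
}
```

Because the comparison is made on the parsed origin rather than on how the address looks, only the first sample is filled and the five imitations are refused.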
While some phishing scams are quite easy to spot, either due to bad grammar or poor content quality, others are so real that they can fool anyone. Hackers are only becoming more sophisticated and are turning to complex methods to try and steal personal information or money.
Experts recommend that you never access untrusted websites and never give out personal information through emails or messages. If you feel something might be wrong, call the company yourself and verify whether the claims are real before giving out any personal information.